US6026166A - Digitally certifying a user identity and a computer system in combination - Google Patents

Publication number: US6026166A
Authority: US
Grant status: Grant
Prior art keywords: step, signature, user, user system, system
Legal status: Expired - Lifetime (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Application number: US08954245
Inventor: John H. LeBourgeois
Current Assignee: Cryptoworx Corp; iPass Inc (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Original Assignee: Cryptoworx Corp

Classifications

    • G07F7/1008 Active credit-cards provided with means to personalise their use, e.g. with PIN-introduction/comparison system
    • G06Q20/02 Payment architectures, schemes or protocols involving a neutral party, e.g. certification authority, notary or trusted third party [TTP]
    • G06Q20/023 Payment architectures, schemes or protocols involving a neutral party, e.g. certification authority, notary or trusted third party [TTP] characterized in that the neutral party is a clearing house
    • G06Q20/04 Payment circuits
    • G06Q20/0855 Payment architectures involving remote charge determination or related payment systems involving a third party
    • G06Q20/12 Payment architectures specially adapted for electronic shopping systems
    • G06Q20/341 Active cards, i.e. cards including their own processing means, e.g. including an IC or chip
    • G06Q20/3821 Electronic credentials
    • G06Q20/38215 Use of certificates or encrypted proofs of transaction rights
    • G06Q20/3829 Payment protocols; Details thereof insuring higher security of transaction involving key management
    • G06Q20/4093 Monitoring of card authentication

Abstract

Digital certification method in which a first digital signature, dependent upon a first user identity and a first user system in combination, is stored accessibly to a certification server. The first user identity can be distinguished by, for example, a PIN provided by the user. Subsequently, the user system generates a second signature dependent upon both the current user identity and the current user system in combination. The certifying system then compares the second signature with the first, as stored, to certify the transaction. The certification can accommodate normal computer system component drift. An inquiring system, desiring to confirm the identity of a user, issues a challenge code to the user system. The user system then digests the user's PIN, individual component signatures as they currently exist on the user's system, together with the challenge code to generate the new signature. The new signature is transmitted back to the inquiring system, which transmits it on to the certification server together with the challenge code. The certification server then digests the challenge code with the original signature as previously stored, and compares the result to the newly provided signature to confirm the user's identity, else drift criteria can be applied if desired.

Description

BACKGROUND OF THE INVENTION

1. Field of the Invention

The invention relates to digital certification techniques and, more particularly, to a technique for certifying a user identity and computer system in combination.

2. Description of Related Art

Digital commerce on the Internet requires the ability to digitally "sign" messages, providing a level of assurance that the purported sender of the message is in fact the true sender of the message. Commonly, a digital signature is created by encrypting a digest of the message with the sender's private key. In order to verify authorship, the recipient of the message decrypts the digital signature using the public key of the purported sender to recover the original digest, and compares the result to the recipient's own digest of the message as received.

The reliability of the signature verification depends on the reliability of the recipient's copy of the sender's public key. Often the sender transmits such a copy of his or her public key along with the original message, as a courtesy. Therefore, one possible way of subverting the digital signature technique is that an impostor might create a message purportedly from the original sender, and encrypt a digest of the message according to a different private key. The impostor would then send the message on to the recipient with the new encrypted digest and with the public key corresponding to the impostor's private key. Assuming the recipient relies on the public key received with the message in order to verify the authenticity of the message, then the recipient's verification that the message originated from the original sender will be false.

One known method for preventing this kind of subversion involves the use of digital certificates, for example as set forth in International Telecommunication Union, "Recommendation X.509--Information Technology--Open Systems Interconnection--the Directory: Authentication Framework" November 1993 ("Recommendation X.509"), incorporated herein by reference. According to this standard, the sender transmits the original message and encrypted digest in conjunction with a digital certificate. To create the certificate, the sender passes the sender's public key through the message digesting algorithm to form a digest for the sender's public key, which is then encrypted by a third party certifier using the certifier's private key to form an encrypted digest of the sender's public key. The certifier may be any third party who is trusted by the recipient to not be subject to subversion by the impostor. The sender then transmits to the recipient the original desired message, the encrypted digest for the original message, and the certificate (including the sender's public key and the encrypted digest of the sender's public key). As with the non-certificated transmission, the sender may include the certifier's public key as part of the certificate.

In order to verify the authenticity of the message, the recipient uses the sender's public key, from the certificate, to verify the authenticity of the message itself in the manner described above. The recipient also uses the certifier's public key to verify the authenticity of the encrypted digest in the certificate of the sender's public key.

But a certification scheme is also subject to subversion in the same manner as the non-certificated scheme if the recipient still must rely on the validity of the certifier's public key as provided in the certificate to determine the authenticity of the certificate itself. The X.509 scheme, therefore, envisions a hierarchy of certifying authorities, each certifying the public key of one or more other certifying authorities, until a certification chain is created from the original sender of the message up to some universally trusted certifying authority (referred to as the Root Authority (RA)).

The X.509 standard for signing messages suffers from a number of drawbacks, not the least of which is that no universally trusted RA currently exists. A number of different entities aspire to that role, but none is currently universally accepted. The necessary hierarchy of certifying authorities is not currently in place. Another deficiency involves the complexity of the certification and verification processes, which involve multiple layers of certifications. In addition, even if the hierarchy of certifying authorities were in place, and the RA were accepted as trustworthy, the X.509 standard still may not reliably bind a digital signature to an individual. Rather, binding is based only on the preponderance of the evidence that at some time in the past, the signer was in fact the individual that he or she purported to be.

Another deficiency with the X.509 standard is that, as proposed, every validation by a certifying authority is likely to incur a fee. Another problem is that the X.509 scheme depends on users abiding by certain policies and constraints promulgated in the various certifying hierarchies, such as expiration dates and certificate revocations. Moreover, the policies and constraints promulgated in different hierarchies can be different. A number of other deficiencies also exist in the X.509 scheme.

Different kinds of transactions require different degrees of confidence in the validity of a digital signature. For example, whereas large dollar amount transactions, stock trading, weapons release, and so on might require a high level of confidence, smaller transactions might not require such a high level of confidence. Very small cash transactions or non-transaction communications might not require very much confidence at all in the validity of the digital signature. For communications and transactions not requiring the highest level of confidence in the digital signature, an alternative to the X.509 hierarchical model exists. This alternative, known as Pretty Good Privacy (PGP), proposes a diffuse network model, where networks of people "sign" a given user's public key on a public key server. Public keys thereby gradually accumulate sufficient "mass" to vouch for the identity of the owner of the public key. The PGP scheme avoids some of the problems with the X.509 standard, but lacks any means for accountability. Thus, of the two primary conventional cryptographic techniques for binding the sender of a message with an identity, one is unwieldy and requires an infrastructure that is not currently in place, and the other is not sufficiently binding or accountable to be used in high-risk transactions.

Certain classes of transactions exist which do not require the binding of the sender of a message with an individual. For example, authorization transactions do not require that the individual requesting authorization be identifiable by the authority of which authorization is being requested. The identity of the individual may be, for example, on file at a bank. What is important for these transactions is that the identity of the user be consistent, not that the individual be known. For the use of an automated teller machine, for example, the user need only enter an account number and PIN (personal identification number). The identity of the individual is not transmitted for the authorization transaction; only a representation, in the form of the user's PIN and the number recorded on the ATM card is transmitted. Authorization certifications usually have only a one-tier hierarchy, such as where a bank or credit card company previously issued the user an I.D. on the basis of the user's account with the bank or credit card company. They usually do not rely on a chain of certifying authorities to validate the user. One-tier authorization certification thereby avoids any need for a hierarchy infrastructure as in the X.509 standard. By foregoing the necessity of a binding between a user and a known individual, these systems also avoid any need for a sufficient mass of signers on a public key server to vouch for the identity of the user, as in the PGP scheme.

In U.S. patent application SC/Ser. No. 08/818,132, filed Mar. 14, 1997, entitled "DIGITAL PRODUCT RIGHTS MANAGEMENT TECHNIQUE", by inventor John H. LeBourgeois, incorporated herein by reference in its entirety, an enhanced authorization mechanism is described which binds an authorization requester to a particular computer system, for example, rather than to a particular individual. Such a mechanism is useful, for example, for ensuring that digital products, such as software, music, images and so on, be authorized for use only on a single computer. Anonymity (privacy) of the individual user can be maintained. As set forth in the above-incorporated patent application, a "reader system signature" is developed at the time the product is to be used on the reader system, based on identifying information of certain hardware or software components then on the system. The reader system is able to make use of the digital product only if the proper system signature exists. A certain amount of flexibility is built into the process, because if validation at the time of use fails, a revalidation process takes place whereby a license server determines, in a sense, "how different" the reader system is currently as compared to its configuration at the time of the original authorization. If the reader system as it is currently configured satisfies certain predetermined "drift" criteria, then reauthorization is automatic; otherwise reauthorization is made manually. Thus the technique described in the above-incorporated patent application permits flexible authorization-type certification with only a single level of hierarchy and while preserving the privacy of individual users.

SUMMARY OF THE INVENTION

The present invention permits the binding of a user identity (virtual or physical) with an authorization request. This binding is reliable enough to be used in relatively high-risk transactions, and can be made reliable enough to be used in the highest-risk transactions. An embodiment of the invention optionally can make use of some of the system signature technology described in the above-incorporated patent application.

According to the invention, roughly described, a first signature dependent upon a first user identity and a first user system in combination, is stored accessibly to a certification server. The first user identity can be, for example, a PIN provided by the user. Subsequently, at a second time when the user desires authorization to complete a transaction, the user system generates a second signature dependent upon both the current user identity and the current user system in combination. The certifying system then compares the second signature with the first, as stored, in order to determine whether to certify the transaction. The certification can accommodate normal computer system component drift, for example in the manner described in the above-incorporated patent application.

It will be appreciated that such a method minimizes the risk of a stolen PIN, because the PIN is useless without the computer system hardware on which the first user identity was originally established. The technique also minimizes the risk of subversion through the theft of the first user's computer hardware because, again, the transaction will not be authorized without the user's PIN.

In an aspect of the invention, the mechanism can also provide a level of confidence that the second signature, provided to the certification server at the time that authorization is requested, truly was generated based on the user's system components as they existed at the time that the authorization is requested, rather than being merely a copy of a signature stored previously. In an embodiment, after the user issues an authorization request to a merchant system, for example, the merchant system issues a challenge code back to the user system. The user system then digests the user's PIN, individual component signatures as they currently exist on the user's system, together with the challenge code to generate the new signature. The new signature is transmitted back to the merchant server, which transmits it on to the certification server together with the challenge code. The certification server then digests the challenge code with the original first signature as previously stored, and compares the result to the newly provided signature. If they match, then the transaction is authorized. If not, then drift criteria can be applied if desired.

The mechanism according to the invention has a number of advantages over other authorization certification techniques. For example, the certification by nature is limited in time, since ordinary hardware drift or new computer hardware would invalidate previous certifications allowing new certifications to be generated. As another example, validation of the first user identity is self-certifying; if the digest of the user's system is not correct, the certification fails automatically. This allows minimization of transaction costs and greater security for on-line validation. As another example, the certification may be ported to a smart card, with an appropriate code indicating smart card usage and an expiration time stamp. Furthermore, identity cannot be loaned to another person without the other person being present on the hardware. For the same reason, nor can a user identity be stolen and transmitted through the Internet. The ability for self-certification is present as well, leveling the entire X.509 hierarchy, as the single certification authority can substantially rely on the uniqueness of the certificate presented binding the individual to the user system. Certifications can now be generated in two versions: anonymous and publicly bound. Moreover, individuals can generate a number of different virtual user identities, simply by using different PINs for each identity. This improves anonymity in transactions and communications. Finally, for cases where the physical identity of a user must be bound to a machine instance, external validation of identity can bind the person to the hardware certification, with much more confidence and less risk than currently exists in the conventional proposed systems.

BRIEF DESCRIPTION OF THE DRAWINGS

The invention will be described with respect to particular embodiments thereof, and reference will be made to the drawings, in which:

FIG. 1 is an overall symbolic diagram of an arrangement according to the invention.

FIG. 2 is a symbolic block diagram illustrating the structure of a typical computer system which may be used as a user system, an inquirer system or a certification server.

FIGS. 3A and 3B in combination are a flow chart illustrating the overall system flow for the embodiment of FIG. 1.

FIG. 4 is a flow chart detail of step 314 in FIG. 3A.

FIG. 5 is a flow chart detail of step 330 in FIG. 3B.

FIG. 6 is a detail of step 336 in FIG. 3B.

FIG. 7 is a detail of the decision step 338 in FIG. 3B.

FIGS. 8 and 9 are alternative details of step 724 in FIG. 7.

FIG. 10 is a detail of step 1000 in FIGS. 7, 8 and 9.

DETAILED DESCRIPTION

FIG. 1 is an overall symbolic diagram of an arrangement according to the invention. The arrangement has three primary components: a user system 102, a financial clearinghouse system 104 and a system referred to herein as an inquirer system 106. The financial clearinghouse system 104 can be any certification server trusted by the inquirer 106, such as a bank, a credit card company, or a third party certifying authority. The inquirer system 106 can be any entity that wishes to verify with the financial clearinghouse 104 the identity of a user. In the embodiment described herein, the inquirer 106 might be, for example, an on-line merchant server system. In conformity with this paradigm, the user 102 might be a person interested in purchasing goods or services from the merchant 106. In addition to the above, the financial clearinghouse 104 maintains a signature database 108, containing digital signatures of the various accounts held by users of the financial clearinghouse 104.

In general operation, a user opens up an account with the financial clearinghouse 104, and provides a digital signature to the clearinghouse 104 for storage on the signature database 108. As described in more detail hereinafter, the digital signature depends upon both the user and the user's system 102. At a subsequent time, when the user wishes to purchase merchandise from the merchant 106, the user system 102 regenerates the signature in real time, including both the portions which depend upon the user and the portions which depend upon the user's system. The newly generated signature is provided to the financial clearinghouse, which processes it in relation to the digital signature originally stored on the signature database 108 to determine whether the real time-generated signature is valid.

In FIG. 1, the user system 102, the certification server 104 and the inquirer system 106 are each illustrated as a respective individual block. Depending on the embodiment, each block might contain no more than a single computer, or in different embodiments, different blocks can contain more than one computer. In one embodiment, one or more of the blocks 102, 104 and 106, for example the certification server 104, contains a number of computers spread out over a great geographical area and interconnected by a network. The illustration of the user system 102, the certification server 104, and the inquirer system 106 as single blocks is not intended to indicate that each must constitute only a single computer system or that each must be located at a respective single location.

Nor is there any requirement that computers used to form the user system 102, the certification server 104, and the inquirer system 106 have any particular structure. FIG. 2 is a symbolic block diagram illustrating the structure of a typical computer system which may be used as a user system, an inquirer system or a certification server. It comprises a CPU 202 and cache memory 204, both connected to a CPU bus 206. Interface circuitry 208 is also connected to the CPU bus 206. The interface circuitry 208 is further connected to a main memory 210, as well as to two I/O buses: PCI-bus 212 and ISA-bus 214. Connected to the PCI-bus 212 are sound and game controllers 216, a network adapter 232 and a display adapter 218, the last of which is further connected to a monitor 220. Connected to the ISA-bus 214 are a hard disk drive controller 222, a CD-ROM drive controller 224, a floppy disk drive controller 226, various I/O ports 228, and a boot PROM 230. Most of the peripheral components illustrated in FIG. 2 include on-board configuration data which can be read by the CPU 202. In addition, the boot PROM 230 includes a portion which is writeable by the CPU 202 to store configuration data. In general, the software to operate the user system 102, the certification server 104 or the inquirer system 106 is stored on the disk drive controlled by the disk drive controller 222, and brought into main memory 210 as needed for execution. The computer system of FIG. 2 communicates with the other systems of FIG. 1 via the network adapter 232.

FIGS. 3A and 3B in combination are a flow chart illustrating the overall system flow for the embodiment of FIG. 1. The flow chart of FIG. 3A continues in FIG. 3B, as indicated by the circled symbol "B" in both figures.

Referring to FIG. 3A, in a step 310, prior to any purchasing transaction, the user presents his or her identification to the financial clearinghouse or other financial institution which stands behind the certification server 104. Depending on the level of confidence that the financial institution requires in the physical identity of the user, the required identification might be as strict as a biometric measurement, such as fingerprints or a retinal scan, or it may be somewhat less stringent, such as by requiring notarization, a photo I.D., or other mechanism involving some physical presence. In a situation where the financial institution does not need to know the physical identity at all, for example where the financial institution is merely going to be maintaining a debit account and is taking no risk of its own, step 310 can be omitted. For a debit account, the financial institution is concerned only that the user identity be consistent in future transactions, not that the user identity actually be known; it is not necessary to bind the user identity with a physical identity.

In a step 312, the financial institution establishes an account for the user. This may involve depositing some money into a debit account, or it may involve merely creating a record of the user in a database.

In step 314, the user, at the user system 102, creates an original signature for a first user identity in a manner described in more detail hereinafter. The digital signature created in step 314 depends upon both the user system 102 as well as the user's first identity (the user can have more than one virtual identity, if desired).

In a step 316, the user system 102 transmits the original digital signature to the certification server 104 which, in step 318, stores the original digital signature in the signature database 108 in conjunction with the user account.

Some time later, in a step 320, the user browses an on-line catalog, for example, maintained by the merchant system 106, and selects items for purchase. In step 322, the user system 102 transmits the user's payment information to the merchant system 106. Such payment information might include credit card information, or a reference to a debit account previously established at the financial clearinghouse 104. Before authorizing the transaction, the merchant system 106 will first desire certification that the user is in fact the owner of the credit card or debit account.

Accordingly, in a step 324, the merchant system 106 generates a challenge code and transmits it to the user system 102. The challenge code serves as an inquiry to the user system 102 to provide information so that the merchant can verify the identity of the user. The challenge code preferably is generated randomly, but complete randomness is not actually required. The challenge code is also preferably generated just prior to transmission to the user system 102, but in other embodiments, it may have been generated earlier. It will be seen from the further description below that the issuance of a challenge code helps to ensure that the real time digital signature that will next be generated by the user system 102 truly was generated in real time, and is not merely a surreptitious copy of a digital signature previously stored on the user system 102. Different embodiments of the arrangement of FIG. 1 might require different levels of confidence in the currency of the real time generated digital signature, and therefore might permit different freedoms in the randomness of the merchant's challenge code or in the currency of generation of the merchant's challenge code.

In a step 326, after the user system 102 receives the challenge code from the merchant system 106, the user system requests a user identity code (e.g., a PIN) from the user. In step 328, the user enters the PIN for his or her first user identity.

In step 330 (FIG. 3B), the user system 102 generates a real time digital signature, in dependence upon the challenge code, the PIN entered with the first user identity, and certain data regarding certain listed components as presently existing in the user system 102. The generation of the real time digital signature in step 330 is described in more detail below.

In step 332, the user system 102 transmits the real time digital signature to the merchant system, which in step 334 further transmits it on to the certification server 104 together with the challenge code and the user's payment information previously supplied. In step 336, the certification server 104 combines the challenge code with the original signature for the first user identity, as stored in the signature database 108, and determines, in step 338, whether the result matches the real time digital signature provided by the user system 102 via the merchant system 106. If the two results match, then the certification result is positive (step 340). If they differ, then the certification result is negative (step 342).

In step 344, the certification server 104 transmits the certification result back to the merchant system 106 which, in step 346, either allows or declines the purchases desired by the user.

Note that any or all of the communications called for in FIG. 1 can be encrypted, digitally signed and/or certified if desired in a given embodiment, although to some extent these precautions might mitigate the advantages obtained by the invention over prior certification mechanisms. By avoiding these precautions, certain requirements of current U.S. export laws can be avoided as well.

As mentioned above, the original digital signature generated by the user system 102 depends upon both the user system 102 itself, as well as a user identity. The user identity may be indicated by, for example, a code or PIN entered by the user via the keyboard. Alternatively, for greater security, it might be indicated by, for example, a fingerprint or a retinal scan taken by the user system 102 of the user.

The portion of the original digital signature which identifies the user system 102 itself, referred to herein as a user system signature (USS), can be generated in a number of different ways in different embodiments. One embodiment takes advantage of serial numbers or other identifying data which may be present in the user system, and which carry external assurances of substantial uniqueness. That is, many computers when manufactured are assigned a serial number or other indicator which the manufacturer of the computer, or some other authority, guarantees to be unique. For example, Apple Macintosh computers, when manufactured, are assigned an Ethernet address which is unique to that specific computer. Alternatively, the identifier can be assigned in software, such as in the operating system of the computer. It is not essential that whatever authority assigns the serial number guarantee uniqueness; depending on the level of confidence required by the merchant or the financial clearinghouse, it may be sufficient only that it be extremely unlikely that two computer systems which can act as user systems 102 carry the same identifier. This is the case where, for example, the number carries external assurances of substantial uniqueness, such as in the case of Ethernet addresses.

In another embodiment, the user system signature does not rely on a component having an identifier that carries external assurances of substantial uniqueness. Instead, a plurality of components (hardware or software) are examined to determine individual component signatures. The individual component signatures are then combined to form the overall user system signature, or all of the individual component data is digested together in a single pass. In one embodiment, the individual component signatures are all concatenated together in a predetermined sequence to form the overall user system signature. The individual component signatures may be digested prior to concatenation in order to limit their size to the predefined field size. In another embodiment, optionally after digesting, the individual component signatures are averaged or summed together to form the overall user system signature. The individual component signatures can be weighted prior to combination, in order to reduce the impact on the user system signature that would result from changes in components that are more frequently subject to upgrade or replacement.

In one embodiment, the user system 102 generates the user system signature in dependence upon component signatures from the following components, to the extent present in the system. Except as indicated below, most of the component signatures set forth in this list are readable either from the CMOS or from a configuration manager driver. For PCI or EISA systems, the data can be read from the PCI or EISA board BIOS. The following is only an illustrative list; other embodiments can refer to other components not on this list. In addition, different embodiments may or may not include components which are readily removable by the user.

Hard Disk Drive
    • drive I.D.
    • numbers of cylinders, sectors and heads
    • drive defective sector map (obtained from sector 0)
    • drive name
    • drive manufacturer
    • volume name

Floppy Disk Controller
    • I/O addresses and settings
    • interrupt assignments
    • manufacturer name

Monitor
    • monitor name
    • monitor type

Display Adaptor
    • device name
    • on-board memory

Mother Board
    • CPU type
    • CPU speed
    • total memory present
    • total cache present
    • cache timings (measured empirically)

Ports
    • I/O addresses and settings
    • interrupt assignments

Sound, Video and Game Controllers
    • device name
    • driver name
    • driver version

System Devices
    • CMOS profile

The kinds of identifying data that might be used to generate the individual component signatures can include the manufacturer name, revision number, version number, date, release number, and so on.

In yet another embodiment, a combination of individual component signatures also includes one or more component signatures that carry external assurances of substantial uniqueness, to the extent such a component exists in the machine.

FIG. 4 is a flow chart detail of step 314 in FIG. 3A, within which the user system creates the original digital signature for the first user identity. In a step 410, the user enters his or her PIN for the first user identity. As mentioned, other forms of identification might be used in different embodiments. In step 412, the user system 102 determines whether it has a component which bears an I.D. that carries external assurances of substantial uniqueness. If so, then in step 414, the USS is set equal to that component I.D. In step 416, if the user system 102 does not have a component bearing an I.D. that carries external assurances of substantial uniqueness, or if the embodiment does not utilize such component I.D.s, the user system 102 obtains data regarding each of the listed components as they then exist in the user system 102. In a step 418, the user system 102 digests the different data items and, in step 420, combines the digested data items to form the USS. Any suitable digesting algorithm can be used for the purpose of the digesting step 418 including, for example, an error-correcting code (ECC) generator or the well-known SHA-1 algorithm. The SHA-1 digesting algorithm is described in National Institute of Standards and Technology (NIST) FIPS Publication 180: Secure Hash Standard (SHS) (May 1993), as amended by National Institute of Standards and Technology (NIST) Announcement of Weakness in the Secure Hash Standard (May 1994), both incorporated herein by reference. Note that in a different embodiment, the data from the individual components can be combined (e.g., summed, averaged, concatenated together, etc.) without digesting, and only the combined version is digested.

In step 422, the user system 102 combines the USS either from step 420 or from step 414, with the first user identity PIN as entered in step 410, and digests the results again. Again, "combining" can include adding or concatenating the PIN with the USS, or even XOR-ing the PIN with the USS. Note that in a different embodiment, the PIN can be combined with the individual data items earlier in the process of FIG. 4, resulting in only a single digesting step.

FIG. 5 is a flow chart detail of step 330 (FIG. 3B) in which the user system generates the real time signature in dependence upon the challenge code, the PIN for the first user identity, and data regarding listed components as presently existing in the user system 102. The term "real time", as used herein, does not require absolute currency. The term should be interpreted loosely enough to include digital signatures generated recently, but certainly more recently than the time that the original digital signature was generated. For example, instead of the USS/PIN combination being calculated only in response to an inquiry from an inquiring system, an embodiment might request the user's PIN and generate the "real time" USS/PIN combination on system boot. Another embodiment might request the user's PIN and generate the "real time" USS/PIN combination at the beginning of the user's online session, for example when the user's browser software begins executing. Another embodiment might request the user's PIN and generate the "real time" USS/PIN combination only in response to an inquiry, but might then cache it for some period of time thereafter.

Referring to FIG. 5, in step 510, the user system 102 determines whether it has a component bearing an I.D. that carries external assurances of substantial uniqueness. If so, then a real time USS is set equal to such component I.D. (step 512). If not, or if the embodiment does not utilize components bearing an I.D. that carries external assurances of substantial uniqueness, then in step 514, the user system 102 obtains, in real time, data regarding the listed components as presently existing in the user system 102. In step 516, as in step 418 in the flow chart of FIG. 4, the data items are digested and, in step 518, a real time USS is generated by combining the digested data items. The real time USS is then further digested in step 520 with the PIN entered in step 328 (FIG. 3A) for the first user identity. As with the flow chart of FIG. 4, the combining and digesting steps can be performed with various algorithms in different embodiments. However, the algorithms chosen should be such that the signature, as it exists prior to step 522, should be the same as the original digital signature generated in the procedure of FIG. 4, given identical PINs and identical user system components.

In step 522, the result of step 520 is further combined with the challenge code and digested to produce the real time digital signature that will subsequently be provided to the merchant system 106 in step 332 (FIG. 3B).

It can be seen that the real time digital signature must, in fact, be generated in real time (as that term is used herein) if it is to incorporate the challenge code provided by the merchant system 106. The reliability of the real time signature in assuring that the user system 102 on which it is generated is in fact the same as the user system 102 on which the original digital signature was generated, can be compromised if the user system 102 stores the USS locally in a form that can be pilfered. This risk is minimized, as previously mentioned, by further requiring the user to enter his or her PIN and digesting it together with the USS. The user can still compromise the reliability of the real time digital signature by storing his or her PIN locally on the user system 102, or by storing the original digital signature itself locally on the user system 102, but this is not an advisable procedure. The risk to the merchant 106 or the financial clearinghouse 104 of such a procedure can be minimized, for example by contractually requiring the user to maintain better security procedures, or by contractually assigning liability to the user for any increased risk resulting from inadequate PIN security.

FIG. 6 is a detail of step 336 (FIG. 3B), in which the certification server 104 combines the challenge code with the original signature for the first user identity, as stored in the signature database 108. In step 610, in response to receipt of the information from the merchant system 106, the certification server retrieves the original signature for the first user identity from the signature database 108. In step 612, the certification server combines the original signature with the challenge code provided by the merchant system 106 and digests them together in the same manner as performed in step 522 (FIG. 5).
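The enrollment, challenge and verification flow of FIGS. 4 through 6 can be followed end to end in the sketch below, which is an added example and not code from the patent. It assumes SHA-256 in place of the SHA-1 the text mentions, length-prefixed concatenation as the "combining" operation, and constructed component data; all function names are hypothetical.

```python
import hashlib
import hmac
import secrets


def digest(*parts):
    """Digest byte strings with length prefixes so field boundaries are unambiguous."""
    h = hashlib.sha256()  # assumption: SHA-256 substituted for the SHA-1 the text mentions
    for part in parts:
        h.update(len(part).to_bytes(4, "big"))
        h.update(part)
    return h.digest()


def user_system_signature(components):
    """Steps 416-420 and 514-518: digest each data item, then combine in a fixed order."""
    items = [digest(name.encode(), value.encode())
             for name, value in sorted(components.items())]
    return digest(*items)


def original_signature(components, pin):
    """Steps 422 and 520: combine the USS with the PIN and digest again."""
    return digest(user_system_signature(components), pin.encode())


def real_time_signature(components, pin, challenge):
    """Step 522: combine the step-520 result with the challenge code and digest."""
    return digest(original_signature(components, pin), challenge)


def certify(stored_original, challenge, presented):
    """Steps 610-612 and 338: recompute from the stored signature, compare in constant time."""
    expected = digest(stored_original, challenge)
    return hmac.compare_digest(expected, presented)


def demo():
    # Constructed sample data, not taken from the patent.
    machine = {"hdd.drive_id": "WD-EXAMPLE-0001", "hdd.geometry": "1024/63/16",
               "cpu.type": "Pentium", "cpu.speed_mhz": "166",
               "display.name": "ExampleVGA"}
    pin = "4921"
    signature_db = {"account-1": original_signature(machine, pin)}  # steps 314-318

    challenge = secrets.token_bytes(16)                      # step 324
    response = real_time_signature(machine, pin, challenge)  # steps 326-332
    results = {"genuine": certify(signature_db["account-1"], challenge, response)}

    # Wrong PIN entered on the enrolled machine.
    results["wrong_pin"] = certify(
        signature_db["account-1"], challenge,
        real_time_signature(machine, "0000", challenge))

    # Correct PIN on a machine whose drive I.D. differs from the enrolled one.
    other = dict(machine, **{"hdd.drive_id": "WD-EXAMPLE-0002"})
    results["other_machine"] = certify(
        signature_db["account-1"], challenge,
        real_time_signature(other, pin, challenge))

    # An earlier response presented against a fresh challenge code.
    fresh = secrets.token_bytes(16)
    results["replayed"] = certify(signature_db["account-1"], fresh, response)
    return results


if __name__ == "__main__":
    for case, ok in demo().items():
        print(f"{case:14s} -> {'positive' if ok else 'negative'}")
```

Because the server recomputes the expected response from the stored original signature and the challenge alone, the value held in the signature database is as sensitive as the PIN and USS together and needs the protection of a credential store.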

As previously discussed, in step 338 (FIG. 3B), if the original digital signature as combined (by the certification server 104) with the challenge code provided by the merchant system 106, does not match the real time signature provided by the user system 102, then the certification server has determined either that the user system 102 on which the real time signature was generated is not identical to the user system 102 on which the original digital signature was generated, or that the user identity code entered by the user for the current transaction does not match the user identity code entered by the user at the time of original account establishment. Either conclusion increases the likelihood that the current user is an impostor. According to an aspect of the invention, however, some flexibility can be applied to the determination of whether the user system 102 is the same system on which the original digital signature was generated, allowing for a certain amount of component upgrade drift. FIG. 7 is a detail of the decision step 338 in FIG. 3B, which accommodates such flexibility.

In one such embodiment, the algorithms used to generate the original and real time signatures involve combining undigested individual system component data prior to digesting. At the time of account establishment, in addition to providing the original signature to the certification server 104, the user system 102 also digests individually the component data that was used to generate the original signature, and provides these individual component digests, together with the user's PIN, to the certification server 104 for storage on the signature database 108 in conjunction with the original digital signature. The individual component signatures actually can be digested prior to combining in the generation of the original signature, but in order to minimize the risk from unauthorized access to the signature database 108, the digesting algorithm used to provide the individual component digests to be stored on the signature database 108 should be such that they cannot be used to recreate the original USS.

Referring to FIG. 7, in step 710, the certification server 104 determines whether the original signature and challenge code combination is exactly equal to the real time signature provided through the merchant server 106. If so, then the certification result is positive (step 712). If not, then in step 714, the certification server determines whether the USS was based on a component having external assurances of substantial uniqueness. If so, then no drift is permitted in such a component and the certification result is negative (step 716).

If the original signature and challenge code combination is not exactly equal to the real time signature, and individual user system component signatures were used to generate a USS, then in step 718, the certification server 104 requests the individual user system component signatures as they presently exist, from the user system 102 via the merchant 106. In step 720, the user system 102 provides such information via the merchant 106 in the same individually digested form with which they were originally provided and stored on the signature database 108. In step 722, the certification server 104 compares the individually digested real time user system component signatures, newly received, to the individually digested user system component signatures previously stored in the signature database.

In step 724, the certification server 104 determines whether the difference exceeds some predetermined threshold specified, for example, as a number of component signatures which are permitted to have changed. If the differences do not exceed the designated threshold, then automatic reauthorization is performed (step 1000). If the differences do exceed the predetermined threshold, then the certification result is negative (step 728).

FIG. 8 is a detail of step 724 (FIG. 7) in which the certification server 104 determines whether the difference between the two sets of individual component signatures exceeds the predetermined threshold. The flow chart set forth in FIG. 8 represents one embodiment in which the threshold is specified as a percentage. In a step 810, the certification server 104 calculates the weighted sum of the real time user system component signatures. In step 812, the certification server calculates the weighted sum of user system component signatures as previously stored in signature database 108. In step 814, the certification server 104 determines whether the difference between the two calculated values exceeds the predetermined percentage threshold. If not, then automatic reauthorization is permitted (step 1000). If so, then the certification result is negative (step 818).

FIG. 9 is a detail of step 724 (FIG. 7) as performed in a second embodiment, in which the maximum upgrade drift flexibility is specified as a maximum number of components whose individual component signatures are permitted to have changed. In a step 910, the certification server counts the number of real time provided component signatures which differ from the corresponding component signatures as previously stored. In step 912, the certification server determines whether the count exceeds the predetermined threshold. If not, then automatic reauthorization is permitted (step 1000). If so, then the certification result is negative (step 916).

FIG. 10 is a flow chart detail of step 1000 (FIGS. 7, 8 and 9). In step 1010, the certification server 104 checks its log to determine whether the user's user identity has received more than a predetermined number of automatic reauthorizations. If so, then the certification result is negative (step 1012) and reauthorization must take place manually. If not, then in step 1014, the certification server digests the newly received predigested component signatures with the user's PIN already on file in the signature database 108. In response to a request by the certification server 104, the user system also digests its newly digested component signatures with the user's PIN, and transmits the result back to the certification server 104 (step 1016). In step 1018, the certification server 104 determines whether the two values are equal. If not, then in step 1020, the certification result is negative and automatic reauthorization is aborted.

If the two numbers are equal, then automatic reauthorization was successful. In order to update the signature database 108, the channel between the user system 102 and the certification server 104 optionally now begins using a secure socket layer (SSL) (step 1022). In step 1024, the user system 102 creates a new original digital signature, using the undigested individual component signatures and the user's PIN, and transmits the result to the certification server 104. In step 1026, the certification server 104 stores the new individually digested component signatures, as well as the new original signature received from step 1024, in conjunction with the user account. In step 1028, the certification server 104 increments the reauthorization count in its log, and in step 1030, the communication channel between user system 102 and certification server 104 exits the SSL protocol. Now that reauthorization has taken place, in step 1032, the certification server notifies the merchant system 106 to retry the transaction. Control then returns to step 324 (FIG. 3A) for the issuance of a new challenge code to the user system 102.
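The decision path of FIG. 7, with the count-based drift threshold of FIG. 9 and the reauthorization cap of step 1010, is sketched below as an added example that is not part of the patent. It assumes SHA-256 with a distinct label for the stored per-component digests (so they differ from any digest used inside the USS), treats a missing or newly added component as changed, and uses constructed component data and hypothetical function names.

```python
import hashlib
import hmac

POSITIVE = "positive"
NEGATIVE = "negative"
REAUTHORIZE = "automatic reauthorization"


def component_digest(name, value):
    # Assumption: the "drift-v1" label keeps these stored digests distinct from
    # any digest used to build the USS, so they cannot be reused to recreate it.
    data = b"drift-v1\x00" + name.encode() + b"\x00" + value.encode()
    return hashlib.sha256(data).hexdigest()


def digest_components(components):
    """Individually digested component signatures, as stored at enrollment (FIG. 7 text)."""
    return {name: component_digest(name, value) for name, value in components.items()}


def count_drift(stored, current):
    """Step 910: count component signatures that differ from the stored ones.

    Assumption: a component missing on either side counts as changed.
    """
    changed = 0
    for name in set(stored) | set(current):
        if not hmac.compare_digest(stored.get(name, ""), current.get(name, "")):
            changed += 1
    return changed


def decide(exact_match, uss_from_unique_id, stored, current,
           max_drift, reauth_count, max_reauth):
    """Steps 710-716, 910-916 and 1010-1012, in the order the flow charts give them."""
    if exact_match:                                # steps 710, 712
        return POSITIVE
    if uss_from_unique_id:                         # steps 714, 716: no drift permitted
        return NEGATIVE
    if count_drift(stored, current) > max_drift:   # steps 912, 916
        return NEGATIVE
    if reauth_count > max_reauth:                  # steps 1010, 1012: manual path
        return NEGATIVE
    return REAUTHORIZE                             # step 1000 continues at step 1014


def demo():
    # Constructed sample data, not taken from the patent.
    enrolled = {"hdd.drive_id": "WD-EXAMPLE-0001", "cpu.type": "Pentium",
                "cpu.speed_mhz": "166", "display.name": "ExampleVGA",
                "sound.driver_version": "1.0"}
    stored = digest_components(enrolled)

    upgraded = dict(enrolled, **{"sound.driver_version": "1.1"})
    replaced = {"hdd.drive_id": "WD-EXAMPLE-0099", "cpu.type": "Pentium II",
                "cpu.speed_mhz": "300", "display.name": "OtherVGA",
                "sound.driver_version": "1.0"}
    return {
        "one_driver_upgrade": decide(False, False, stored,
                                     digest_components(upgraded), 2, 0, 3),
        "mostly_new_machine": decide(False, False, stored,
                                     digest_components(replaced), 2, 0, 3),
        "unique_id_mismatch": decide(False, True, stored,
                                     digest_components(upgraded), 2, 0, 3),
        "too_many_reauths": decide(False, False, stored,
                                   digest_components(upgraded), 2, 4, 3),
    }


if __name__ == "__main__":
    for case, outcome in demo().items():
        print(f"{case:20s} -> {outcome}")
```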

As used herein, steps which take place "in response to" a predecessor event, do so if the predecessor event influenced the performance of such steps. If there is an intervening time period, the performance of the steps can still be considered "responsive" to the predecessor event. If the performance of the steps depends on more than one predecessor event, then the steps are considered performed in response to each of the predecessor events.

The foregoing description of preferred embodiments of the present invention has been provided for the purposes of illustration and description. It is not intended to be exhaustive or to limit the invention to the precise forms disclosed. Obviously, many modifications and variations will be apparent to practitioners skilled in this art. For example, whereas the flowcharts described herein illustrate steps being performed in a particular sequence, it will be appreciated that in many instances the sequence of the steps can be reversed, or the steps can be performed in a pipelined, overlapping manner, or both, without departing from the scope of the invention. The embodiments herein were chosen and described in order to best explain the principles of the invention and its practical application, thereby enabling others skilled in the art to understand the invention for various embodiments and with various modifications as are suited to the particular use contemplated. It is intended that the scope of the invention be defined by the following claims and their equivalents.

Claims (38)

I claim:
1. A digital certification method, comprising the steps of:
storing, at a first time, a first signature dependent upon a first user identity and a first user system in combination;
generating, at a second time subsequent to said first time, a second signature dependent upon a second user identity and a second user system in combination; and
certifying, in dependence upon said first and second signatures, whether the combination of said second user identity and said second user system match the combination of said first user identity and said first user system.
2. A method according to claim 1, wherein said step of storing comprises the step of developing said first signature in dependence upon a first user identity code and in dependence further upon a first group of at least one component as present in said first user system at said first time.
3. A method according to claim 2, wherein said step of developing said first signature comprises the step of obtaining said first user identity code in response to user input.
4. A method according to claim 2, wherein said step of storing further comprises the step of storing said first signature accessibly to a certification server,
and wherein said step of certifying comprises the step of said certification server developing a certification result in dependence upon said first and second signatures.
5. A method according to claim 1, wherein said second user system is said first user system.
6. A method according to claim 1, wherein said step of certifying comprises the step of certifying, in dependence upon said first and second signatures, whether the combination of said second user identity and said second user system match the combination of said first user identity and said first user system, and further that said second signature was generated at a time different from said first time.
7. A method according to claim 6, wherein said step of generating is performed in response to a challenge, wherein said second signature is further dependent upon said challenge, and wherein said step of certifying comprises the step of developing a certification result in dependence upon said first and second signatures and further in dependence upon said challenge.
8. A method according to claim 1, further comprising the step of providing a challenge code, wherein said second signature is further dependent upon said challenge code.
9. A method according to claim 8, wherein said step of certifying comprises the step of developing a certification result in dependence upon said first and second signatures and further in dependence upon said challenge code.
10. A method according to claim 9, wherein said step of storing a first signature comprises the step of storing said first signature accessibly to a certification server,
wherein said step of providing a challenge code comprises the step of an inquiring system providing said challenge code to both said second user system and said certification server,
wherein said step of generating a second signature comprises the step of said second user system generating said second signature, said second signature being provided to said certification server,
and wherein said step of developing a certification result is performed by said certification server.
11. A method according to claim 10, wherein said step of certifying further comprises the step of providing said certification result to said inquiring system.
12. A method according to claim 1, wherein said step of storing a first signature comprises the step of storing said first signature accessibly to a certification server, and wherein said first user system comprises a first group of components, comprising the steps of:
developing a first component signature of each respective component in said first group as present in said first user system at said first time; and
storing said first component signatures accessibly to said certification server.
13. A method according to claim 12, wherein said second user system comprises a second group of components, wherein said first signature is different from said first component signatures, wherein said step of certifying comprises the step of said certification server determining, in dependence upon said first and second signatures, that the combination of said second user identity and said second user system does not match the combination of said first user identity and said first user system, further comprising the steps of:
developing a second component signature of each respective component in said second group as present in said second user system at said second time; and
said certification server comparing said second component signatures with said first component signatures to determine whether said first and second user systems satisfy predetermined drift criteria.
14. A method according to claim 13, wherein said step of comparing comprises the step of determining whether a count of the number of said second component signatures which differ from corresponding first component signatures exceeds a predetermined maximum drift number greater than zero.
15. A method according to claim 13, wherein said step of certifying further comprises the step of determining whether said second user identity code is equal to said first user identity code.
16. A digital certification method, comprising the steps of:
storing, accessibly to a certification server, a first signature of a first user identity on a first user system in dependence upon a first user identity code and in dependence further upon a first group of at least one component as present in said first user system at a first time;
at a second time subsequent to said first time, an inquiring system providing a challenge code to a second user system and said second user system developing a second signature in dependence upon a second user identity code and in dependence further upon a second group of at least one component as present in said second user system at said second time;
providing said challenge code and said second signature to said certification server; and
said certification server developing a certification result in dependence upon said second signature and a combination of said challenge code and said first signature.
17. A method according to claim 16, further comprising the step of communicating said certification result to said inquiring system.
18. A digital certification method, comprising the steps of:
forming, at a first time, a first signature dependent upon a first user identity and a first user system in combination;
providing said first signature to a certification server;
generating, in response to an inquiry from an inquiring system at a second time subsequent to said first time, a second signature dependent upon a second user identity and a second user system in combination; and
providing said second signature for comparison with said first signature.
19. A method according to claim 18, wherein said step of forming a first signature comprises the step of developing said first signature in dependence upon a first user identity code and in dependence further upon a first group of at least one component as present in said first user system at said first time.
20. A method according to claim 19, wherein said step of developing said first signature comprises the step of obtaining said first user identity code in response to user input.
21. A method according to claim 18, wherein said second user system is said first user system.
22. A method according to claim 18, wherein said second signature is further dependent upon said inquiry.
23. A method according to claim 18, wherein said second user system receives a challenge code in conjunction with said inquiry,
and wherein said second signature is further dependent upon said challenge code.
24. A method according to claim 18, wherein said first user system comprises a first group of components,
comprising the steps of:
developing a first component signature of each respective component in said first group as present in said first user system at said first time; and
providing said first component signatures to said certification server.
25. A method according to claim 24, wherein said second user system comprises a second group of components, wherein said first signature is different from said first component signatures, and wherein the combination of said second user identity and said second user system does not match the combination of said first user identity and said first user system, further comprising the steps of:
developing a second component signature of each respective component in said second group as present in said second user system at said second time; and
providing said second component signatures for comparison with said first component signatures.
26. A digital certification method, comprising the steps of:
providing a challenge code to a user system in response to a request for authorization for said user system;
receiving a real time signature from said user system after said step of providing a challenge code;
providing said challenge code and said real time signature to a certification server; and
receiving a certification result from said certification server after said step of providing said challenge code and said real time signature to said certification server.
27. A method according to claim 26, wherein said real time signature is dependent upon a first user identity and said user system in combination.
28. A method according to claim 27, wherein said real time signature is further dependent upon said challenge code.
29. A digital certification method, comprising the steps of:
storing accessibly to a certification server, at a first time, a first signature dependent upon a first user identity and a first user system in combination;
receiving, at a second time subsequent to said first time, a second signature dependent upon a second user identity and a second user system in combination; and
certifying, in dependence upon said first and second signatures, whether the combination of said second user identity and said second user system match the combination of said first user identity and said first user system.
30. A method according to claim 29, wherein said second user system is said first user system.
31. A method according to claim 29, wherein said step of certifying comprises the step of certifying, in dependence upon said first and second signatures, whether the combination of said second user identity and said second user system match the combination of said first user identity and said first user system, and that said second signature was generated at a time different from said first time.
32. A method according to claim 29, further comprising the step of receiving, in conjunction with said step of receiving a second signature, a copy of a challenge code,
wherein said second signature is further dependent upon said challenge code.
33. A method according to claim 32, wherein said step of certifying comprises the step of developing a certification result in dependence upon said first and second signatures and further in dependence upon said challenge code.
34. A method according to claim 29, wherein said step of certifying further comprises the step of providing a certification result to an inquiring system.
35. A method according to claim 29, wherein said first user system comprises a first group of components, comprising the steps of:
receiving a first component signature of each respective component in said first group as present in said first user system at said first time; and
storing said first component signatures accessibly to said certification server.
36. A method according to claim 35, wherein said second user system comprises a second group of components, wherein said first signature is different from said first component signatures, wherein said step of certifying comprises the step of said certification server determining, in dependence upon said first and second signatures, that the combination of said second user identity and said second user system does not match the combination of said first user identity and said first user system, further comprising the steps of:
receiving a second component signature of each respective component in said second group as present in said second user system at said second time; and
said certification server comparing said second component signatures with said first component signatures to determine whether said first and second user systems satisfy predetermined drift criteria.
37. A method according to claim 36, wherein said step of comparing comprises the step of determining whether a count of the number of said second component signatures which differ from corresponding first component signatures exceeds a predetermined maximum drift number greater than zero.
38. A method according to claim 36, wherein said step of certifying further comprises the step of determining whether said second user identity code is equal to said first user identity code.
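The flow recited in claims 26 to 38 (enrollment of signatures, a challenge-bound real time signature, and the component-by-component drift fallback) can be sketched as follows. This is an added example, not code from the patent: the claims do not fix how signatures are computed, so the use of SHA-256 and HMAC, the record layout, the account key, all function names, and the sample values are assumptions made here.

```python
import hashlib
import hmac
import secrets


def _digest(*parts: bytes) -> bytes:
    """SHA-256 over length-prefixed parts, so field boundaries are unambiguous."""
    h = hashlib.sha256()
    for part in parts:
        h.update(len(part).to_bytes(4, "big"))
        h.update(part)
    return h.digest()


def identity_signature(user_id_code: str) -> bytes:
    return _digest(b"user-id", user_id_code.encode())


def component_signatures(components: dict) -> dict:
    """One signature per component as present in the user system (claims 24, 35)."""
    return {name: _digest(name.encode(), value.encode())
            for name, value in components.items()}


def combined_signature(user_id_code: str, comp_sigs: dict) -> bytes:
    """Signature over user identity and user system in combination (claims 19, 29)."""
    ordered = [comp_sigs[name] for name in sorted(comp_sigs)]
    return _digest(identity_signature(user_id_code), *ordered)


def real_time_signature(combined: bytes, challenge: bytes) -> bytes:
    """Make the signature depend on the challenge code too (claims 23, 28, 32)."""
    return hmac.new(combined, challenge, hashlib.sha256).digest()


class CertificationServer:
    def __init__(self, max_drift: int = 1):
        self.max_drift = max_drift  # predetermined maximum drift number, > 0
        self.records = {}           # assumed layout: account -> stored signatures

    def enroll(self, account, id_sig, comp_sigs, combined) -> None:
        self.records[account] = {"id": id_sig, "components": dict(comp_sigs),
                                 "combined": combined}

    def certify(self, account, challenge, rt_sig) -> bool:
        """Second time: recompute from the stored signature and the challenge."""
        rec = self.records.get(account)
        if rec is None:
            return False
        return hmac.compare_digest(real_time_signature(rec["combined"], challenge), rt_sig)

    def drift_count(self, account, second: dict) -> int:
        """Components whose signature differs from, or is absent at, enrollment."""
        first = self.records[account]["components"]
        return sum(1 for name in set(first) | set(second)
                   if first.get(name) != second.get(name))

    def certify_with_drift(self, account, id_sig, second: dict) -> bool:
        """Fallback after a mismatch: identity must match, drift must be bounded."""
        rec = self.records.get(account)
        if rec is None or not hmac.compare_digest(rec["id"], id_sig):
            return False
        return self.drift_count(account, second) <= self.max_drift


def run_demo() -> dict:
    # Constructed sample data: identity code and component readings are made up.
    user_id, ident = "4921", identity_signature("4921")
    enrolled = {"cpu": "family6-model5", "disk": "serial-778A",
                "nic": "00:a0:c9:14:c8:29", "bios": "rev-1997-07"}
    server = CertificationServer(max_drift=1)
    sigs = component_signatures(enrolled)
    combined = combined_signature(user_id, sigs)
    server.enroll("acct-1", ident, sigs, combined)
    # Inquiring system issues a challenge; the user system answers in real time.
    challenge = secrets.token_bytes(16)
    answer = real_time_signature(combined, challenge)
    out = {"same_system": server.certify("acct-1", challenge, answer)}
    # A captured answer fails under the next challenge.
    fresh = secrets.token_bytes(16)
    out["replayed_answer"] = server.certify("acct-1", fresh, answer)
    # One component replaced: direct match fails, drift check accepts.
    one = component_signatures(dict(enrolled, nic="00:10:4b:aa:01:02"))
    drifted = real_time_signature(combined_signature(user_id, one), fresh)
    out["one_swap_direct"] = server.certify("acct-1", fresh, drifted)
    out["one_swap_drift"] = server.certify_with_drift("acct-1", ident, one)
    # Three components differ: beyond the maximum drift number.
    three = component_signatures(dict(enrolled, nic="x", disk="y", bios="z"))
    out["three_swap_count"] = server.drift_count("acct-1", three)
    out["three_swap_drift"] = server.certify_with_drift("acct-1", ident, three)
    # Same machine, different user identity code: drift does not excuse it.
    out["wrong_user_drift"] = server.certify_with_drift(
        "acct-1", identity_signature("0000"), sigs)
    return out


if __name__ == "__main__":
    print(run_demo())
```

The drift path accepts a changed machine only when the identity signature still matches, so the maximum drift number bounds hardware change without loosening the user check.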
US08954245 1997-10-20 1997-10-20 Digitally certifying a user identity and a computer system in combination Expired - Lifetime US6026166A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
US08954245 US6026166A (en) 1997-10-20 1997-10-20 Digitally certifying a user identity and a computer system in combination

Applications Claiming Priority (5)

Application Number Priority Date Filing Date Title
US08954245 US6026166A (en) 1997-10-20 1997-10-20 Digitally certifying a user identity and a computer system in combination
JP2000517518A JP2001521329A (en) 1997-10-20 1998-10-20 Digital authentication method combining the user identification and a computer system
CA 2306865 CA2306865C (en) 1997-10-20 1998-10-20 Digitally certifying a user identity and a computer system in combination
PCT/US1998/022162 WO1999021321A1 (en) 1997-10-20 1998-10-20 Digitally certifying a user identity and a computer system in combination
EP19980953774 EP1033010A4 (en) 1997-10-20 1998-10-20 Digitally certifying a user identity and a computer system in combination

Publications (1)

Publication Number Publication Date
US6026166A (en) 2000-02-15

Family

ID=25495150

Family Applications (1)

Application Number Title Priority Date Filing Date
US08954245 Expired - Lifetime US6026166A (en) 1997-10-20 1997-10-20 Digitally certifying a user identity and a computer system in combination

Country Status (5)

Country Link
US (1) US6026166A (en)
EP (1) EP1033010A4 (en)
JP (1) JP2001521329A (en)
CA (1) CA2306865C (en)
WO (1) WO1999021321A1 (en)

Non-Patent Citations (18)

* Cited by examiner, † Cited by third party
Title
"What Is" online encyclopedia, definition for "digital cash", World Wide Web page, URL=http://whatis.com/digitalc.htm, visited Oct. 20, 1997.
"What Is" online encyclopedia, definition for "SET (Secure Electronic Transactions)", World Wide Web page, URL=http://whatis.com/set.htm, visited Oct. 20, 1997.
Ellison, Carl M., "Establishing Identity Without Certification Authorities", World Wide Web page, URL=http://www.clark.net/pub/cme/usenix.html, visited Oct. 20, 1997.
Ellison, Carl M., "Generalized Certificates", World Wide Web page, URL=http://www.clark.net/pub/cme/html/cert.html, visited Oct. 20, 1997.
Ellison, Carl M., "Simple Public Key Certificate", World Wide Web page, URL=http://www.clark.net/pub/cme/spki.txt, visited Oct. 20, 1997.
Ellison, Carl M., Establishing Identity Without Certification Authorities , World Wide Web page, URL http://www.clark.net/pub/cme/usenix.html, visited Oct. 20, 1997. *
Ellison, Carl M., Generalized Certificates , World Wide Web page, URL http://www.clark.net/pub/cme/html/cert.html, visited Oct. 20, 1997. *
Ellison, Carl M., Simple Public Key Certificate , World Wide Web page, URL http://www.clark.net/pub/cme/spki.txt, visited Oct. 20, 1997. *
Rivest, Ronald L., et al., "SDSI--A Simple Distributed Security Infrastructure", World Wide Web page, URL=http://theory.lcs.mit.edu/˜rivest/sdsi10.html, visited Oct. 20, 1997.
Rivest, Ronald L., et al., SDSI A Simple Distributed Security Infrastructure , World Wide Web page, URL http://theory.lcs.mit.edu/ rivest/sdsi10.html, visited Oct. 20, 1997. *
RSA Laboratories, Inc., "Question 123. What are Certificates?", World Wide Web page, URL=http://www.rsa.com/rsalabs/newfaq/q123.html, visited Oct. 20, 1997.
RSA Laboratories, Inc., "Question 129. What are Certificate Revocation Lists (CRLs)?", World Wide Web page, URL=http://://www.rsa.com/rsalabs/newfaq/q129.html, visited Oct. 20, 1997.
RSA Laboratories, Inc., Question 123. What are Certificates , World Wide Web page, URL http://www.rsa.com/rsalabs/newfaq/q123.html, visited Oct. 20, 1997. *
RSA Laboratories, Inc., Question 129. What are Certificate Revocation Lists (CRLs) , World Wide Web page, URL http://://www.rsa.com/rsalabs/newfaq/q129.html, visited Oct. 20, 1997. *
VeriSign, Inc., Digital ID Center, "Frequently Asked Questions", World Wide Web page, URL=http://digitalid.verisign..com/id faqs.htm, visited Oct. 20, 1997.
What Is online encyclopedia, definition for digital cash, World Wide Web page, URL http://whatis.com/digitalc.htm, visited Oct. 20, 1997. *
What Is online encyclopedia, definition for SET (Secure Electronic Transactions), World Wide Web page, URL http://whatis.com/set.htm, visited Oct. 20, 1997. *

Cited By (378)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20080016103A1 (en) * 1997-02-25 2008-01-17 Intertrust Technologies Corp. Techniques for Defining, Using and Manipulating Rights Management Data Structures
US6138119A (en) 1997-02-25 2000-10-24 Intertrust Technologies Corp. Techniques for defining, using and manipulating rights management data structures
US20080114790A1 (en) * 1997-02-25 2008-05-15 Intertrust Technolgies Corp. Techniques for Defining, Using and Manipulating Rights Management Data Structures
US20060053158A1 (en) * 1997-02-25 2006-03-09 Intertrust Technologies Corp. Techniques for defining, using and manipulating rights management data structures
US7577751B2 (en) 1997-06-16 2009-08-18 Stream Theory, Inc./Endeavors Technologies, Inc. Software streaming system and method
US9578075B2 (en) 1997-06-16 2017-02-21 Numecent Holdings, Inc. Software streaming system and method
US9094480B2 (en) 1997-06-16 2015-07-28 Numecent Holdings, Inc. Software streaming system and method
US20100023640A1 (en) * 1997-06-16 2010-01-28 Stream Theory, Inc. Software streaming system and method
US8509230B2 (en) 1997-06-16 2013-08-13 Numecent Holdings, Inc. Software streaming system and method
US6735694B1 (en) * 1997-11-21 2004-05-11 International Business Machines Corporation Method and system for certifying authenticity of a web page copy
US6934838B1 (en) * 1998-06-01 2005-08-23 Entrust Technologies Ltd. Method and apparatus for a service provider to provide secure services to a user
US7434263B2 (en) 1998-10-26 2008-10-07 Microsoft Corporation System and method for secure storage data using a key
US7356682B2 (en) 1998-10-26 2008-04-08 Microsoft Corporation Attesting to a value of a register and/or memory region
US7194092B1 (en) 1998-10-26 2007-03-20 Microsoft Corporation Key-based secure storage
US7139915B2 (en) 1998-10-26 2006-11-21 Microsoft Corporation Method and apparatus for authenticating an open system application to a portable IC device
US20050289067A1 (en) * 1998-10-26 2005-12-29 Microsoft Corporation System and method for secure storage of data using a key
US7415620B2 (en) 1998-10-26 2008-08-19 Microsoft Corporation System and method for authenticating an operating system to a central processing unit, providing the CPU/OS with secure storage, and authenticating the CPU/OS to a third party
US7424606B2 (en) 1998-10-26 2008-09-09 Microsoft Corporation System and method for authenticating an operating system
US7302709B2 (en) 1998-10-26 2007-11-27 Microsoft Corporation Key-based secure storage
US20070118738A1 (en) * 1998-10-26 2007-05-24 Microsoft Corporation System and Method for Authenticating an Operating System to a Central Processing Unit, Providing the CPU/OS with Secure Storage, and Authenticating the CPU/OS to a Third Party
US20040015694A1 (en) * 1998-10-26 2004-01-22 Detreville John Method and apparatus for authenticating an open system application to a portable IC device
US7457412B2 (en) * 1998-10-26 2008-11-25 Microsoft Corporation System and method for authenticating an operating system to a central processing unit, providing the CPU/OS with secure storage, and authenticating the CPU/OS to a third party
US20030196111A1 (en) * 1998-10-26 2003-10-16 Lampson Butler W. Attesting to a value of a register and/or memory region
US20030196110A1 (en) * 1998-10-26 2003-10-16 Lampson Butler W. Boot blocks for software
US20030194094A1 (en) * 1998-10-26 2003-10-16 Lampson Butler W. System and method for secure storage data using a key
US20030196085A1 (en) * 1998-10-26 2003-10-16 Lampson Butler W. System and method for authenticating an operating system
US20030196099A1 (en) * 1998-10-26 2003-10-16 Lampson Butler W. System and method for secure storage of data using public and private keys
US7529919B2 (en) 1998-10-26 2009-05-05 Microsoft Corporation Boot blocks for software
US7543336B2 (en) 1998-10-26 2009-06-02 Microsoft Corporation System and method for secure storage of data using public and private keys
US20060021064A1 (en) * 1998-10-26 2006-01-26 Microsoft Corporation Key-based secure storage
US20070104329A1 (en) * 1998-10-26 2007-05-10 Microsoft Corporation System and Method for Authenticating an Operating System to a Central Processing Unit, Providing the CPU/OS with Secure Storage, and Authenticating the CPU/OS to a Third Party
US7010684B2 (en) 1998-10-26 2006-03-07 Microsoft Corporation Method and apparatus for authenticating an open system application to a portable IC device
US6243689B1 (en) * 1998-12-29 2001-06-05 Robert G. Norton System and method for authorizing electronic funds transfer at a point of sale
WO2000046681A1 (en) * 1999-02-08 2000-08-10 Geotrust, Inc. Content certification
US7174457B1 (en) * 1999-03-10 2007-02-06 Microsoft Corporation System and method for authenticating an operating system to a central processing unit, providing the CPU/OS with secure storage, and authenticating the CPU/OS to a third party
US20040044906A1 (en) * 1999-04-06 2004-03-04 Paul England Secure execution of program code
US7020772B2 (en) 1999-04-06 2006-03-28 Microsoft Corporation Secure execution of program code
US20050251688A1 (en) * 1999-05-14 2005-11-10 Nanavati Samir H Identity verification method using a central biometric authority
US7246244B2 (en) 1999-05-14 2007-07-17 Fusionarc, Inc. A Delaware Corporation Identity verification method using a central biometric authority
US20070234067A1 (en) * 1999-05-14 2007-10-04 Fusionarc, Inc. A Delaware Corporation Identity verfication method using a central biometric authority
US7197144B1 (en) * 1999-06-08 2007-03-27 Ethos Technologies, Inc. Method and apparatus to authenticate a user's system to prevent unauthorized use of software products distributed to users
US6938022B1 (en) 1999-06-12 2005-08-30 Tara C. Singhal Method and apparatus for facilitating an anonymous information system and anonymous service transactions
WO2000077642A1 (en) * 1999-06-12 2000-12-21 Tara Chand Singhal Method and apparatus for facilitating an anonymous information system and anonymous service transactions
US20050108177A1 (en) * 1999-07-30 2005-05-19 Sancho Enrique D. System and method for secure network purchasing
US20040117321A1 (en) * 1999-07-30 2004-06-17 Sancho Enrique David System and method for secure network purchasing
US20020073046A1 (en) * 1999-07-30 2002-06-13 David Sancho Enrique System and method for secure network purchasing
US7366702B2 (en) 1999-07-30 2008-04-29 Ipass Inc. System and method for secure network purchasing
US6505193B1 (en) * 1999-12-01 2003-01-07 Iridian Technologies, Inc. System and method of fast biometric database searching using digital certificates
US7512786B2 (en) 1999-12-10 2009-03-31 Microsoft Corporation Client-side boot domains and boot rules
US6757824B1 (en) 1999-12-10 2004-06-29 Microsoft Corporation Client-side boot domains and boot rules
US6978365B2 (en) 1999-12-10 2005-12-20 Microsoft Corporation Client-side boot domains and boot rules
US20050097328A1 (en) * 1999-12-10 2005-05-05 Microsoft Corporation Client-side boot domains and boot rules
US20030069792A1 (en) * 2000-01-24 2003-04-10 Smarttrust Systems Oy System and method for effecting secure online payment using a client payment card
US6647126B1 (en) * 2000-01-28 2003-11-11 Eastman Kodak Company Authorizing the production of visual images from digital images
US8489896B2 (en) 2000-02-03 2013-07-16 Integrated Information Solutions Digital identity device
US8489895B2 (en) 2000-02-03 2013-07-16 Integrated Information Solutions Microprocessor identity device
US7493497B1 (en) 2000-02-03 2009-02-17 Integrated Information Solutions Digital identity device
US7885899B1 (en) 2000-02-08 2011-02-08 Ipass Inc. System and method for secure network purchasing
US20090037388A1 (en) * 2000-02-18 2009-02-05 Verimatrix, Inc. Network-based content distribution system
WO2001061913A3 (en) * 2000-02-18 2002-06-27 Verimatrix Inc Network-based content distribution system
US7426750B2 (en) 2000-02-18 2008-09-16 Verimatrix, Inc. Network-based content distribution system
WO2001061913A2 (en) * 2000-02-18 2001-08-23 Verimatrix, Inc. Network-based content distribution system
US20100325694A1 (en) * 2000-03-06 2010-12-23 Cardinalcommerce Corporation Centralized identity authentication for electronic communication networks
US9990627B2 (en) 2000-03-06 2018-06-05 Cardinalcommerce Corporation Centralized identity authentication for electronic communication networks
WO2001067215A3 (en) * 2000-03-06 2003-03-06 Cardinalcommerce Corp Centralized identity authentication in anl electronic communication network
US10019712B2 (en) 2000-03-06 2018-07-10 Cardinalcommerce Corporation Centralized identity authentication for electronic communication networks
US10032165B2 (en) 2000-03-06 2018-07-24 Cardinalcommerce Corporation Centralized identity authentication for electronic communication networks
US10032166B2 (en) 2000-03-06 2018-07-24 Cardinalcommerce Corporation Centralized identity authentication for electronic communication networks
US7140036B2 (en) 2000-03-06 2006-11-21 Cardinalcommerce Corporation Centralized identity authentication for electronic communication networks
WO2001067215A2 (en) * 2000-03-06 2001-09-13 Cardinalcommerce Corporation Centralized identity authentication in anl electronic communication network
US20010037451A1 (en) * 2000-03-06 2001-11-01 Bhagavatula Ravishankar S. Centralized identity authentication for electronic communication networks
US8321912B2 (en) 2000-03-06 2012-11-27 Cardinalcommerce Corporation Centralized identity authentication for electronic communication networks
WO2001073706A1 (en) * 2000-03-28 2001-10-04 Philippe Agnelli Payment system not revealing banking information on the public or quasi-public network
FR2807247A1 (en) * 2000-03-28 2001-10-05 Philippe Agnelli payment system to not disclose banking information over the public network and quasi-public
WO2001073708A2 (en) * 2000-03-29 2001-10-04 Cma Business Credit Services Method and apparatus for admistering one or more value bearing instruments
WO2001073708A3 (en) * 2000-03-29 2003-08-28 Cma Business Credit Services Method and apparatus for admistering one or more value bearing instruments
WO2001073709A3 (en) * 2000-03-29 2003-08-28 Cma Business Credit Services Method and apparatus for processing one or more value bearing instruments
WO2001073709A2 (en) * 2000-03-29 2001-10-04 Cma Business Credit Services Method and apparatus for processing one or more value bearing instruments
US20020053018A1 (en) * 2000-06-12 2002-05-02 Kenji Ota Apparatus and method to identify computer system
FR2811452A1 (en) * 2000-07-07 2002-01-11 Thomson Multimedia Sa System and micropayment transaction management process, customer devices, merchant and financial intermediary
WO2002005226A1 (en) * 2000-07-07 2002-01-17 Thomson Licensing Sa Micropayment transaction management method, client devices, trader and financial intermediary
US8260806B2 (en) 2000-08-04 2012-09-04 Grdn. Net Solutions, Llc Storage, management and distribution of consumer information
US9928508B2 (en) 2000-08-04 2018-03-27 Intellectual Ventures I Llc Single sign-on for access to a central data repository
US8566248B1 (en) 2000-08-04 2013-10-22 Grdn. Net Solutions, Llc Initiation of an information transaction over a network via a wireless device
US20060200425A1 (en) * 2000-08-04 2006-09-07 Enfotrust Networks, Inc. Single sign-on for access to a central data repository
US20090210293A1 (en) * 2000-08-04 2009-08-20 Nick Steele Information transactions over a network
US20070013610A1 (en) * 2000-08-15 2007-01-18 Mooney Philip D Wireless security badge
US7724207B2 (en) * 2000-08-15 2010-05-25 Agere Systems Inc. Wireless security badge
WO2002017253A1 (en) * 2000-08-25 2002-02-28 Telefonaktiebolaget Lm Ericsson (Publ) Initiation of an electronic payment transaction
EP1182625A1 (en) * 2000-08-25 2002-02-27 TELEFONAKTIEBOLAGET LM ERICSSON (publ) Introduction of an electronic payment transaction
US20020052842A1 (en) * 2000-08-25 2002-05-02 Marko Schuba Initiation of an electronic payment transaction
US7603319B2 (en) * 2000-08-28 2009-10-13 Contentguard Holdings, Inc. Method and apparatus for preserving customer identity in on-line transactions
US20030200468A1 (en) * 2000-08-28 2003-10-23 Contentguard Holdings, Inc. Method and apparatus for preserving customer identity in on-line transactions
US6854056B1 (en) * 2000-09-21 2005-02-08 International Business Machines Corporation Method and system for coupling an X.509 digital certificate with a host identity
US6851049B1 (en) * 2000-10-02 2005-02-01 Pgp Corporation Method and apparatus for facilitating secure anonymous email recipients
WO2002029742A1 (en) * 2000-10-05 2002-04-11 Societe Ntsys Sa Secure internet paying agent with mobile telephone validation
WO2002030039A1 (en) * 2000-10-05 2002-04-11 France Telecom Sa Method for authenticating an electronic document
FR2815205A1 (en) * 2000-10-05 2002-04-12 France Telecom Method Electronic Document Authentication
FR2815203A1 (en) * 2000-10-05 2002-04-12 Ntsys Secure Internet payment agent validated by mobile phone
US20020042879A1 (en) * 2000-10-10 2002-04-11 Gould Terry A. Electronic signature system
EP1207506A3 (en) * 2000-10-12 2004-01-07 Hitachi, Ltd. Payment processing method and system
US20020046189A1 (en) * 2000-10-12 2002-04-18 Hitachi, Ltd. Payment processing method and system
US20100050233A1 (en) * 2000-10-30 2010-02-25 Raf Technology, Inc. Verification engine for user authentication
US8316418B2 (en) 2000-10-30 2012-11-20 Raf Technology, Inc. Verification engine for user authentication
US6876986B1 (en) * 2000-10-30 2005-04-05 Hewlett-Packard Development Company, L.P. Transaction payment system
US20050108161A1 (en) * 2000-10-30 2005-05-19 Currans Kevin G. Transaction payment system
US8032927B2 (en) 2000-10-30 2011-10-04 Raf Technology, Inc. Verification engine for user authentication
US7353014B2 (en) 2000-10-31 2008-04-01 Vijay Raghavan Chetty Universal portable unit
US20020052193A1 (en) * 2000-10-31 2002-05-02 Chetty Vijay Raghavan Universal portable unit
US8831995B2 (en) 2000-11-06 2014-09-09 Numecent Holdings, Inc. Optimized server for streamed applications
US20020083183A1 (en) * 2000-11-06 2002-06-27 Sanjay Pujare Conventionally coded application conversion system for streamed delivery and execution
US9654548B2 (en) 2000-11-06 2017-05-16 Numecent Holdings, Inc. Intelligent network streaming and execution system for conventionally coded applications
US20020087883A1 (en) * 2000-11-06 2002-07-04 Curt Wohlgemuth Anti-piracy system for remotely served computer applications
US20030004882A1 (en) * 2000-11-06 2003-01-02 Holler Anne Marie Optimized server for streamed applications
US9130953B2 (en) 2000-11-06 2015-09-08 Numecent Holdings, Inc. Intelligent network streaming and execution system for conventionally coded applications
US7543335B2 (en) 2000-11-22 2009-06-02 Microsoft Corporation Method and system for allowing code to be securely initialized in a computer
US7721341B2 (en) 2000-11-22 2010-05-18 Microsoft Corporation Method and system for allowing code to be securely initialized in a computer
US6938164B1 (en) 2000-11-22 2005-08-30 Microsoft Corporation Method and system for allowing code to be securely initialized in a computer
US20050144476A1 (en) * 2000-11-22 2005-06-30 Microsoft Corporation Method and system for allowing code to be securely intialized in a computer
GB2390452A (en) * 2000-11-28 2004-01-07 Endeavors Technology Inc Systems and methods for conducting electronic media transactions
WO2002044843A3 (en) * 2000-11-28 2003-02-27 Endeavors Technology Inc Systems and methods for conducting electronic media transactions
WO2002044843A2 (en) * 2000-11-28 2002-06-06 Endeavors Technology, Inc. Systems and methods for conducting electronic media transactions
GB2390452B (en) * 2000-11-28 2005-04-06 Endeavors Technology Inc Systems and methods for conducting electronic media transactions
US7451196B1 (en) 2000-12-15 2008-11-11 Stream Theory, Inc. Method and system for executing a software application in a virtual environment
US20020112174A1 (en) * 2000-12-18 2002-08-15 Yager David Frank Security code activated access control system
US6950944B2 (en) * 2000-12-18 2005-09-27 David Frank Yager Security code activated access control system
US8893249B2 (en) 2001-02-14 2014-11-18 Numecent Holdings, Inc. Intelligent network streaming and execution system for conventionally coded applications
US20080178298A1 (en) * 2001-02-14 2008-07-24 Endeavors Technology, Inc. Intelligent network streaming and execution system for conventionally coded applications
US8438298B2 (en) 2001-02-14 2013-05-07 Endeavors Technologies, Inc. Intelligent network streaming and execution system for conventionally coded applications
US6612928B1 (en) 2001-02-15 2003-09-02 Sierra Design Group Player identification using biometric data in a gaming environment
US8904181B1 (en) 2001-03-23 2014-12-02 David P. Felsher System and method for secure three-party communications
US9419951B1 (en) 2001-03-23 2016-08-16 St. Luke Technologies, Llc System and method for secure three-party communications
US7552466B2 (en) 2001-03-28 2009-06-23 Geotrust, Inc. Web site identity assurance
US20060282883A1 (en) * 2001-03-28 2006-12-14 Geotrust, Inc. Web site identity assurance
US20030023878A1 (en) * 2001-03-28 2003-01-30 Rosenberg Jonathan B. Web site identity assurance
US7114177B2 (en) 2001-03-28 2006-09-26 Geotrust, Inc. Web site identity assurance
US20020141586A1 (en) * 2001-03-29 2002-10-03 Aladdin Knowledge Systems Ltd. Authentication employing the bluetooth communication protocol
WO2002082716A1 (en) * 2001-04-02 2002-10-17 Geotrust, Inc. Validating content
US8769645B2 (en) * 2001-04-11 2014-07-01 Facebook, Inc. Brokering a connection to access a secured service
US7237257B1 (en) * 2001-04-11 2007-06-26 Aol Llc Leveraging a persistent connection to access a secured service
US7707627B2 (en) * 2001-04-11 2010-04-27 Aol Inc. Leveraging a persistent connection to access a secured service
US8689312B2 (en) * 2001-04-11 2014-04-01 Facebook Inc. Leveraging a persistent connection to access a secured service
US8176541B1 (en) * 2001-04-11 2012-05-08 Aol Inc. Leveraging a persistent connection to access a secured service
US20120260316A1 (en) * 2001-04-11 2012-10-11 Aol Inc. Leveraging a Persistent Connection to Access a Secured Service
US9197626B2 (en) 2001-04-11 2015-11-24 Facebook, Inc. Leveraging a persistent connection to access a secured service
US20080010667A1 (en) * 2001-04-11 2008-01-10 Aol Llc Leveraging a Persistent Connection to Access a Secured Service
US20130174226A1 (en) * 2001-04-11 2013-07-04 Robert Bruce Hirsh Leveraging a persistent connection to access a secured service
US9197627B2 (en) * 2001-04-11 2015-11-24 Facebook, Inc. Leveraging a persistent connection to access a secured service
US9461981B2 (en) 2001-04-11 2016-10-04 Facebook, Inc. Leveraging a persistent connection to access a secured service
US20150113611A1 (en) * 2001-04-11 2015-04-23 Facebook, Inc. Leveraging a persistent connection to access a secured service
US7058969B2 (en) * 2001-05-10 2006-06-06 Michael Anthimos Sambati Recognition system
US7143285B2 (en) 2001-05-22 2006-11-28 International Business Machines Corporation Password exposure elimination for digital signature coupling with a host identity
US20030009662A1 (en) * 2001-05-22 2003-01-09 International Business Machines Corporation Password exposure elimination for digital signature coupling with a host identity
US7650314B1 (en) * 2001-05-25 2010-01-19 American Express Travel Related Services Company, Inc. System and method for securing a recurrent billing transaction
US7240196B2 (en) 2001-06-22 2007-07-03 Verimatrix, Inc. Method and system for protecting ownership rights of digital content files
US20030093665A1 (en) * 2001-06-22 2003-05-15 Cooper Robin Ross Method and system for protecting ownership rights of digital content files
US20090140839A1 (en) * 2001-07-10 2009-06-04 American Express Travel Related Services Company, Inc. Systems and methods for non-traditional payment using biometric data
US9031880B2 (en) 2001-07-10 2015-05-12 Iii Holdings 1, Llc Systems and methods for non-traditional payment using biometric data
US8001054B1 (en) 2001-07-10 2011-08-16 American Express Travel Related Services Company, Inc. System and method for generating an unpredictable number using a seeded algorithm
US8655789B2 (en) 2001-07-10 2014-02-18 American Express Travel Related Services Company, Inc. Systems and methods for non-traditional payment using biometric data
US20090125446A1 (en) * 2001-07-10 2009-05-14 American Express Travel Related Services Company, Inc. System and Method for Secure Transactions Manageable by a Transaction Account Provider
US8418918B2 (en) 2001-07-10 2013-04-16 American Express Travel Related Services Company, Inc. System and method for secure transactions manageable by a transaction account provider
US20050050437A1 (en) * 2001-07-25 2005-03-03 Jean-Luc Giraud Method for protecting personal data read in a terminal station by a server
US8464328B2 (en) * 2001-07-25 2013-06-11 Gemalto Sa Method for protecting personal data read in a terminal station by a server
US20050166262A1 (en) * 2001-10-12 2005-07-28 Beattie Douglas D. Methods and systems for automated authentication, processing and issuance of digital certificates
US7120929B2 (en) 2001-10-12 2006-10-10 Geotrust, Inc. Methods and systems for automated authentication, processing and issuance of digital certificates
US8028162B2 (en) 2001-10-12 2011-09-27 Geotrust, Inc. Methods and systems for automated authentication, processing and issuance of digital certificates
US7003661B2 (en) 2001-10-12 2006-02-21 Geotrust, Inc. Methods and systems for automated authentication, processing and issuance of digital certificates
US20030126431A1 (en) * 2001-10-12 2003-07-03 Beattie Douglas D. Methods and systems for automated authentication, processing and issuance of digital certificates
US20090133118A1 (en) * 2001-10-12 2009-05-21 Verisign, Inc. Methods and systems for automated authentication, processing and issuance of digital certificates
US7562212B2 (en) 2001-10-12 2009-07-14 Geotrust, Inc. Methods and systems for automated authentication, processing and issuance of digital certificates
FR2831297A1 (en) * 2001-10-22 2003-04-25 Bosch Gmbh Robert Method of provision of service by service provider over communication network, uses secret key sent to user to encrypt part of offer of service which is returned to provider as evidence of correct identification of user
US7137004B2 (en) 2001-11-16 2006-11-14 Microsoft Corporation Manifest-based trusted agent management in a trusted operating system environment
US7577839B2 (en) 2001-11-16 2009-08-18 Microsoft Corporation Transferring application secrets in a trusted operating system environment
US7243230B2 (en) 2001-11-16 2007-07-10 Microsoft Corporation Transferring application secrets in a trusted operating system environment
US7107463B2 (en) 2001-11-16 2006-09-12 Microsoft Corporation Manifest-based trusted agent management in a trusted operating system environment
US7577840B2 (en) 2001-11-16 2009-08-18 Microsoft Corporation Transferring application secrets in a trusted operating system environment
US20050289351A1 (en) * 2001-11-16 2005-12-29 Microsoft Corporation Manifest-based trusted agent management in a trusted operating system environment
US7257707B2 (en) 2001-11-16 2007-08-14 Microsoft Corporation Manifest-based trusted agent management in a trusted operating system environment
US20060005230A1 (en) * 2001-11-16 2006-01-05 Microsoft Corporation Manifest-based trusted agent management in a trusted operating system environment
US20030097558A1 (en) * 2001-11-16 2003-05-22 Paul England Transferring application secrets in a trusted operating system environment
US7159240B2 (en) 2001-11-16 2007-01-02 Microsoft Corporation Operating system upgrades in a trusted operating system environment
US7634661B2 (en) 2001-11-16 2009-12-15 Microsoft Corporation Manifest-based trusted agent management in a trusted operating system environment
US7305553B2 (en) 2001-11-16 2007-12-04 Microsoft Corporation Manifest-based trusted agent management in a trusted operating system environment
US20050278477A1 (en) * 2001-11-16 2005-12-15 Microsoft Corporation Manifest-based trusted agent management in a trusted operating system environment
US20030097578A1 (en) * 2001-11-16 2003-05-22 Paul England Operating system upgrades in a trusted operating system environment
US20050278531A1 (en) * 2001-11-16 2005-12-15 Microsoft Corporation Manifest-based trusted agent management in a trusted operating system environment
US20030097579A1 (en) * 2001-11-16 2003-05-22 Paul England Manifest-based trusted agent management in a trusted operating system environment
WO2003061186A1 (en) * 2002-01-07 2003-07-24 Fusion Arc, Inc. Identity verification method using a central biometric authority
US20110119505A1 (en) * 2002-04-17 2011-05-19 Microsoft Corporation Saving and retrieving data based on public key encryption
US20110119501A1 (en) * 2002-04-17 2011-05-19 Microsoft Corporation Saving and retrieving data based on public key encryption
US8621243B2 (en) 2002-04-17 2013-12-31 Microsoft Corporation Saving and retrieving data based on public key encryption
US20110119500A1 (en) * 2002-04-17 2011-05-19 Microsoft Corporation Saving and retrieving data based on public key encryption
US20110154057A1 (en) * 2002-04-17 2011-06-23 Microsoft Corporation Saving and retrieving data based on public key encryption
US7890771B2 (en) 2002-04-17 2011-02-15 Microsoft Corporation Saving and retrieving data based on public key encryption
US9183406B2 (en) 2002-04-17 2015-11-10 Microsoft Technology Licensing, Llc Saving and retrieving data based on public key encryption
US20030200450A1 (en) * 2002-04-17 2003-10-23 Paul England Saving and retrieving data based on public key encryption
US7487365B2 (en) 2002-04-17 2009-02-03 Microsoft Corporation Saving and retrieving data based on symmetric key encryption
US20070088949A1 (en) * 2002-04-17 2007-04-19 Microsoft Corporation Saving and Retrieving Data Based on Public Key Encryption
US8601286B2 (en) 2002-04-17 2013-12-03 Microsoft Corporation Saving and retrieving data based on public key encryption
US7424612B2 (en) 2002-04-17 2008-09-09 Microsoft Corporation Saving and retrieving data based on symmetric key encryption
US8683230B2 (en) 2002-04-17 2014-03-25 Microsoft Corporation Saving and retrieving data based on public key encryption
US7765397B2 (en) 2002-04-17 2010-07-27 Microsoft Corporation Generating, migrating or exporting bound keys
US20070067624A1 (en) * 2002-04-17 2007-03-22 Microsoft Corporation Saving and Retrieving Data Based on Symmetric Key Encryption
US7752456B2 (en) 2002-04-17 2010-07-06 Microsoft Corporation Saving and retrieving data based on symmetric key encryption
US20070088946A1 (en) * 2002-04-17 2007-04-19 Microsoft Corporation Saving and Retrieving Data Based on Symmetric Key Encryption
US7587589B2 (en) 2002-04-17 2009-09-08 Microsoft Corporation Saving and retrieving data based on symmetric key encryption
US8589701B2 (en) 2002-04-17 2013-11-19 Microsoft Corporation Saving and retrieving data based on public key encryption
US20070086588A1 (en) * 2002-04-17 2007-04-19 Microsoft Corporation Saving and Retrieving Data Based on Symmetric Key Encryption
US20030200440A1 (en) * 2002-04-17 2003-10-23 Paul England Saving and retrieving data based on symmetric key encryption
US20080097918A1 (en) * 2002-05-07 2008-04-24 Spector Mark B Internet-based, customizable clinical information system
US20040254890A1 (en) * 2002-05-24 2004-12-16 Sancho Enrique David System method and apparatus for preventing fraudulent transactions
US20080127305A1 (en) * 2002-05-29 2008-05-29 Raf Technology, Inc. Authentication query strategizer and results compiler
US7748029B2 (en) 2002-05-29 2010-06-29 Raf Technology, Inc. Authentication query strategizer and results compiler
US20110167002A1 (en) * 2002-06-12 2011-07-07 Cardinalcommerce Corporation Universal merchant platform for payment authentication
US20030233327A1 (en) * 2002-06-12 2003-12-18 Cardinal Commerce Corporation Universal merchant platform for payment authentication
US8645266B2 (en) 2002-06-12 2014-02-04 Cardinalcommerce Corporation Universal merchant platform for payment authentication
US8650118B2 (en) 2002-06-12 2014-02-11 Cardinalcommerce Corporation Universal merchant platform for payment authentication
US20100169215A1 (en) * 2002-06-12 2010-07-01 Cardinalcommerce Corporation Universal merchant platform for payment authentication
US8140429B2 (en) 2002-06-12 2012-03-20 Cardinalcommerce Corporation Universal merchant platform for payment authentication
US7051002B2 (en) 2002-06-12 2006-05-23 Cardinalcommerce Corporation Universal merchant platform for payment authentication
US20050033703A1 (en) * 2002-09-09 2005-02-10 John Holdsworth Systems and methods for enrolling a token in an online authentication program
US20050044385A1 (en) * 2002-09-09 2005-02-24 John Holdsworth Systems and methods for secure authentication of electronic transactions
US20050033702A1 (en) * 2002-09-09 2005-02-10 John Holdsworth Systems and methods for authentication of electronic transactions
US20050044393A1 (en) * 2002-09-09 2005-02-24 John Holdsworth Token for use in online electronic transactions
US7437757B2 (en) 2002-09-09 2008-10-14 Us Encode Corporation Token for use in online electronic transactions
WO2004023712A1 (en) * 2002-09-09 2004-03-18 U.S. Encode Corporation Systems and methods for secure authentication of electronic transactions
US20080228653A1 (en) * 2002-09-09 2008-09-18 U.S. Encode Corporation Systems and methods for enrolling a token in an online authentication program
US7412420B2 (en) 2002-09-09 2008-08-12 U.S. Encode Corporation Systems and methods for enrolling a token in an online authentication program
US7147150B2 (en) * 2002-11-28 2006-12-12 Fujitsu Limited Personal identification terminal and method having selectable identification means or identification levels
US20040104265A1 (en) * 2002-11-28 2004-06-03 Fujitsu Limited Personal identification terminal and method having selectable identification means or identification levels
US7373464B2 (en) * 2002-12-20 2008-05-13 Data Domain, Inc. Efficient data storage system
US20050216669A1 (en) * 2002-12-20 2005-09-29 Data Domain, Inc. Efficient data storage system
US8600830B2 (en) 2003-02-05 2013-12-03 Steven M. Hoffberg System and method for providing a payment to a non-winning auction participant
US9818136B1 (en) 2003-02-05 2017-11-14 Steven M. Hoffberg System and method for determining contingent relevance
US8612762B2 (en) 2003-09-12 2013-12-17 Ricoh Company, Ltd. Communications apparatus, communications system, and method of setting certificate
US20050097332A1 (en) * 2003-09-12 2005-05-05 Tatsuya Imai Communications apparatus, communications system, and method of setting certificate
US7647501B2 (en) * 2003-09-12 2010-01-12 Ricoh Company, Ltd. Communications apparatus, communications system, and method of setting certificate
US8291225B2 (en) 2003-09-12 2012-10-16 Ricoh Company, Ltd. Communications apparatus, communications system, and method of setting certificate
US20050125686A1 (en) * 2003-12-05 2005-06-09 Brandt William M. Method and system for preventing identity theft in electronic communications
US8321946B2 (en) * 2003-12-05 2012-11-27 Hewlett-Packard Development Company, L.P. Method and system for preventing identity theft in electronic communications
US20050203843A1 (en) * 2004-03-12 2005-09-15 Wood George L. Internet debit system
US20080313706A1 (en) * 2004-05-18 2008-12-18 Silverbrook Research Pty Ltd Method of Verifying an Object
US8117455B2 (en) 2004-05-18 2012-02-14 Silverbrook Research Pty Ltd Object authentication from a signature part
US20080313467A1 (en) * 2004-05-18 2008-12-18 Silverbrook Research Pty Ltd Authentication Processor Using a Signature Encoded in a Number of Data Portions
US20100235643A1 (en) * 2004-05-18 2010-09-16 Silverbrook Research Pty Ltd Authentication of an object
US20090254755A1 (en) * 2004-05-18 2009-10-08 Silverbrook Research Pty Ltd Object Authentication From A Signature Part
US20090077385A1 (en) * 2004-05-18 2009-03-19 Silverbrook Research Pty Ltd Authenticating An Object
US8015412B2 (en) 2004-05-18 2011-09-06 Silverbrook Research Pty Ltd Authentication of an object
US20090125724A1 (en) * 2004-05-18 2009-05-14 Silverbrook Research Pty Ltd Object authentication
US8312281B2 (en) 2004-05-18 2012-11-13 Silverbrook Research Pty Ltd Computer system incorporating a target and symbol data sensing arrangement
US20090122352A1 (en) * 2004-05-18 2009-05-14 Silverbrook Research Pty Ltd Computer system incorporating a target and symbol data sensing arrangement
US20090125723A1 (en) * 2004-05-18 2009-05-14 Silverbrook Research Pty Ltd Authentication of an object
US7779457B2 (en) 2004-06-09 2010-08-17 Identifid, Inc Identity verification system
US9203837B2 (en) 2004-06-14 2015-12-01 Iovation, Inc. Network security and fraud detection system and method
US20060048211A1 (en) * 2004-06-14 2006-03-02 Greg Pierson Network security and fraud detection system and method
US8776225B2 (en) 2004-06-14 2014-07-08 Iovation, Inc. Network security and fraud detection system and method
US9118646B2 (en) 2004-06-14 2015-08-25 Iovation, Inc. Network security and fraud detection system and method
US20080040802A1 (en) * 2004-06-14 2008-02-14 Iovation, Inc. Network security and fraud detection system and method
US20060005263A1 (en) * 2004-06-16 2006-01-05 Sxip Networks Srl Distributed contact information management
US20060005020A1 (en) * 2004-06-16 2006-01-05 Sxip Networks Srl Graduated authentication in an identity management system
US20050283443A1 (en) * 2004-06-16 2005-12-22 Hardt Dick C Auditable privacy policies in a distributed hierarchical identity management system
US8504704B2 (en) 2004-06-16 2013-08-06 Dormarke Assets Limited Liability Company Distributed contact information management
US9245266B2 (en) * 2004-06-16 2016-01-26 Callahan Cellular L.L.C. Auditable privacy policies in a distributed hierarchical identity management system
US8527752B2 (en) 2004-06-16 2013-09-03 Dormarke Assets Limited Liability Graduated authentication in an identity management system
US9398020B2 (en) 2004-06-16 2016-07-19 Callahan Cellular L.L.C. Graduated authentication in an identity management system
US8959652B2 (en) 2004-06-16 2015-02-17 Dormarke Assets Limited Liability Company Graduated authentication in an identity management system
US7694135B2 (en) 2004-07-16 2010-04-06 Geotrust, Inc. Security systems and services to provide identity and uniform resource identifier verification
US20080134346A1 (en) * 2004-08-05 2008-06-05 Yeong-Sub Cho Transactions Certification Method And System To Protect Privacy On Details Of Electronic Transactions
US20060048136A1 (en) * 2004-08-25 2006-03-02 Vries Jeff D Interception-based resource detection system
US7240162B2 (en) 2004-10-22 2007-07-03 Stream Theory, Inc. System and method for predictive streaming
US20060168294A1 (en) * 2004-11-13 2006-07-27 De Vries Jeff Hybrid local/remote streaming
US20060123185A1 (en) * 2004-11-13 2006-06-08 De Vries Jeffrey Streaming from a media device
US8949820B2 (en) 2004-11-13 2015-02-03 Numecent Holdings, Inc. Streaming from a media device
US8359591B2 (en) 2004-11-13 2013-01-22 Streamtheory, Inc. Streaming from a media device
US20060129820A1 (en) * 2004-12-09 2006-06-15 International Business Machines Corporation Object oriented program communication system with an object for sending a certification of the existence of events justifying response actions
US8527706B2 (en) 2005-03-23 2013-09-03 Numecent Holdings, Inc. Opportunistic block transmission with time constraints
US8898391B2 (en) 2005-03-23 2014-11-25 Numecent Holdings, Inc. Opportunistic block transmission with time constraints
US20060218165A1 (en) * 2005-03-23 2006-09-28 Vries Jeffrey De Explicit overlay integration rules
US9716609B2 (en) 2005-03-23 2017-07-25 Numecent Holdings, Inc. System and method for tracking changes to files in streaming applications
US9300752B2 (en) 2005-03-23 2016-03-29 Numecent Holdings, Inc. Opportunistic block transmission with time constraints
US9781007B2 (en) 2005-03-23 2017-10-03 Numecent Holdings, Inc. Opportunistic block transmission with time constraints
US20060230175A1 (en) * 2005-03-23 2006-10-12 De Vries Jeffrey System and method for tracking changes to files in streaming applications
US7676433B1 (en) 2005-03-24 2010-03-09 Raf Technology, Inc. Secure, confidential authentication with private data
US20090119505A1 (en) * 2005-05-10 2009-05-07 Dts Ltd. Transaction method and verification method
US20090094170A1 (en) * 2005-09-02 2009-04-09 Anne Mercier Mohn Methods and systems for financial account management
US9794797B2 (en) 2005-10-04 2017-10-17 Steven M. Hoffberg Multifactorial optimization system and method
US20090025080A1 (en) * 2006-09-27 2009-01-22 Craig Lund System and method for authenticating a client to a server via an ipsec vpn and facilitating a secure migration to ssl vpn remote access
US20080077791A1 (en) * 2006-09-27 2008-03-27 Craig Lund System and method for secured network access
US8327142B2 (en) 2006-09-27 2012-12-04 Secureauth Corporation System and method for facilitating secure online transactions
US20080077796A1 (en) * 2006-09-27 2008-03-27 Craig Lund System and method for facilitating secure online transactions
US8700901B2 (en) 2006-09-27 2014-04-15 Secureauth Corporation Facilitating secure online transactions
US9900163B2 (en) 2006-09-27 2018-02-20 Secureauth Corporation Facilitating secure online transactions
US9294288B2 (en) 2006-09-27 2016-03-22 Secureauth Corporation Facilitating secure online transactions
US20080091859A1 (en) * 2006-10-17 2008-04-17 Hon Hai Precision Industry Co., Ltd. Test Method for verifying installation validity of a PCI device on an electronic device
US9054963B2 (en) 2006-10-23 2015-06-09 Numecent Holdings, Inc. Rule-based application access management
US10057268B2 (en) 2006-10-23 2018-08-21 Numecent Holdings, Inc. Rule-based application access management
US9054962B2 (en) 2006-10-23 2015-06-09 Numecent Holdings, Inc. Rule-based application access management
US9699194B2 (en) 2006-10-23 2017-07-04 Numecent Holdings, Inc. Rule-based application access management
US9825957B2 (en) 2006-10-23 2017-11-21 Numecent Holdings, Inc. Rule-based application access management
US8261345B2 (en) 2006-10-23 2012-09-04 Endeavors Technologies, Inc. Rule-based application access management
US9380063B2 (en) 2006-10-23 2016-06-28 Numecent Holdings, Inc. Rule-based application access management
US20080109876A1 (en) * 2006-10-23 2008-05-08 Endeavors Technologies, Inc. Rule-based application access management
US9571501B2 (en) 2006-10-23 2017-02-14 Numecent Holdings, Inc. Rule-based application access management
US8752128B2 (en) 2006-10-23 2014-06-10 Numecent Holdings, Inc. Rule-based application access management
US8782778B2 (en) 2006-10-23 2014-07-15 Numecent Holdings, Inc. Rule-based application access management
US8751815B2 (en) 2006-10-25 2014-06-10 Iovation Inc. Creating and verifying globally unique device-specific identifiers
US20080104684A1 (en) * 2006-10-25 2008-05-01 Iovation, Inc. Creating and verifying globally unique device-specific identifiers
US9866989B2 (en) 2007-04-27 2018-01-09 Iii Holdings 1, Llc Payment application download to mobile phone and phone personalization
US8543496B2 (en) 2007-04-27 2013-09-24 American Express Travel Related Services Company, Inc. User experience on mobile phone
US8620260B2 (en) 2007-04-27 2013-12-31 American Express Travel Related Services Company, Inc. Payment application download to mobile phone and phone personalization
US20080270302A1 (en) * 2007-04-27 2008-10-30 American Express Travel Related Services Co., Inc. User experience on mobile phone
US20080270301A1 (en) * 2007-04-27 2008-10-30 American Express Travel Related Services Co., Inc. Mobile payment system and method
US8688570B2 (en) 2007-04-27 2014-04-01 American Express Travel Related Services Company, Inc. System and method for performing person-to-person funds transfers via wireless communications
US9307341B2 (en) 2007-04-27 2016-04-05 Iii Holdings 1, Llc Payment application download to mobile phone and phone personalization
US20080270300A1 (en) * 2007-04-27 2008-10-30 American Express Travel Related Services Company, Inc. System and method for performing person-to-person funds transfers via wireless communications
US20080268811A1 (en) * 2007-04-27 2008-10-30 American Express Travel Related Services Co., Inc. Payment application download to mobile phone and phone personalization
US8407382B2 (en) 2007-07-06 2013-03-26 Imation Corp. Commonality factoring for removable media
US20090198617A1 (en) * 2007-07-27 2009-08-06 Ntt Docomo, Inc. Method and apparatus for performing delegated transactions
US8024523B2 (en) 2007-11-07 2011-09-20 Endeavors Technologies, Inc. Opportunistic block transmission with time constraints
US8661197B2 (en) 2007-11-07 2014-02-25 Numecent Holdings, Inc. Opportunistic block transmission with time constraints
US9436578B2 (en) 2007-11-07 2016-09-06 Numecent Holdings, Inc. Deriving component statistics for a stream enabled application
US20090119644A1 (en) * 2007-11-07 2009-05-07 Endeavors Technologies, Inc. Deriving component statistics for a stream enabled application
US8892738B2 (en) 2007-11-07 2014-11-18 Numecent Holdings, Inc. Deriving component statistics for a stream enabled application
US20090119458A1 (en) * 2007-11-07 2009-05-07 Endeavors Technologies, Inc. Opportunistic block transmission with time constraints
US20090177334A1 (en) * 2008-01-04 2009-07-09 Dell Products L.P. Method and System for Managing the Power Consumption of an Information Handling System
US8621561B2 (en) 2008-01-04 2013-12-31 Microsoft Corporation Selective authorization based on authentication input attributes
US20090178129A1 (en) * 2008-01-04 2009-07-09 Microsoft Corporation Selective authorization based on authentication input attributes
US20090228703A1 (en) * 2008-03-10 2009-09-10 Garret Grajek System and method for configuring a valid duration period for a digital certificate
US8301877B2 (en) 2008-03-10 2012-10-30 Secureauth Corporation System and method for configuring a valid duration period for a digital certificate
US9124576B2 (en) 2008-03-10 2015-09-01 Secureauth Corporation Configuring a valid duration period for a digital certificate
US8468340B2 (en) 2008-03-10 2013-06-18 Secureauth Corporation Configuring a valid duration period for a digital certificate
US8812838B2 (en) 2008-03-10 2014-08-19 Secureauth Corporation Configuring a valid duration period for a digital certificate
US20090240936A1 (en) * 2008-03-20 2009-09-24 Mark Lambiase System and method for storing client-side certificate credentials
US8762210B2 (en) 2008-06-03 2014-06-24 Cardinalcommerce Corporation Alternative payment implementation for electronic retailers
US20090313147A1 (en) * 2008-06-03 2009-12-17 Balasubramanian Chandra S Alternative payment implementation for electronic retailers
US20090307486A1 (en) * 2008-06-09 2009-12-10 Garret Grajek System and method for secured network access utilizing a client .net software component
US20100017845A1 (en) * 2008-07-18 2010-01-21 Microsoft Corporation Differentiated authentication for compartmentalized computing resources
US20100058013A1 (en) * 2008-08-26 2010-03-04 Vault Usa, Llc Online backup system with global two staged deduplication without using an indexing database
US8332617B2 (en) 2008-08-26 2012-12-11 Imation Corp. Online backup system with global two staged deduplication without using an indexing database
US8074049B2 (en) 2008-08-26 2011-12-06 Nine Technology, Llc Online backup system with global two staged deduplication without using an indexing database
US20100138907A1 (en) * 2008-12-01 2010-06-03 Garret Grajek Method and system for generating digital certificates and certificate signing requests
US8621625B1 (en) * 2008-12-23 2013-12-31 Symantec Corporation Methods and systems for detecting infected files
US20100217975A1 (en) * 2009-02-25 2010-08-26 Garret Grajek Method and system for secure online transactions with message-level validation
US9473310B2 (en) 2009-04-07 2016-10-18 Secureauth Corporation Identity-based certificate management
US20100257358A1 (en) * 2009-04-07 2010-10-07 Garret Grajek Identity-based certificate management
US9882728B2 (en) 2009-04-07 2018-01-30 Secureauth Corporation Identity-based certificate management
US8707031B2 (en) 2009-04-07 2014-04-22 Secureauth Corporation Identity-based certificate management
US9075958B2 (en) 2009-06-24 2015-07-07 Uniloc Luxembourg S.A. Use of fingerprint with an on-line or networked auction
US20100332400A1 (en) * 2009-06-24 2010-12-30 Craig Stephen Etchegoyen Use of Fingerprint with an On-Line or Networked Payment Authorization System
US20100332396A1 (en) * 2009-06-24 2010-12-30 Craig Stephen Etchegoyen Use of Fingerprint with an On-Line or Networked Auction
US20100332267A1 (en) * 2009-06-24 2010-12-30 Craig Stephan Etchegoyen System and Method for Preventing Multiple Online Purchases
US10068282B2 (en) 2009-06-24 2018-09-04 Uniloc 2017 Llc System and method for preventing multiple online purchases
US20110119747A1 (en) * 2009-11-17 2011-05-19 Mark Lambiase Single sign on with multiple authentication factors
US9288195B2 (en) 2009-11-17 2016-03-15 Secureauth Corporation Single sign on with multiple authentication factors
US8613067B2 (en) 2009-11-17 2013-12-17 Secureauth Corporation Single sign on with multiple authentication factors
US9338155B2 (en) 2010-02-25 2016-05-10 Secureauth Corporation Security device provisioning
US8510816B2 (en) 2010-02-25 2013-08-13 Secureauth Corporation Security device provisioning
US20110209208A1 (en) * 2010-02-25 2011-08-25 Allen Yu Quach Security device provisioning
US9930040B2 (en) 2010-02-25 2018-03-27 Secureauth Corporation System and method for provisioning a security token
US8676684B2 (en) 2010-04-12 2014-03-18 Iovation Inc. System and method for evaluating risk in fraud prevention
US9990673B2 (en) * 2010-05-03 2018-06-05 Symbol Technologies, Llc Universal payment module systems and methods for mobile computing devices
US20110270741A1 (en) * 2010-05-03 2011-11-03 Symbol Technologies, Inc. Universal payment module systems and methods for mobile computing devices
US9183560B2 (en) 2010-05-28 2015-11-10 Daniel H. Abelow Reality alternate
US9639825B1 (en) * 2011-06-14 2017-05-02 Amazon Technologies, Inc. Securing multifactor authentication
US9628875B1 (en) 2011-06-14 2017-04-18 Amazon Technologies, Inc. Provisioning a device to be an authentication device
US20130276115A1 (en) * 2012-04-01 2013-10-17 Alibaba Group Holding Limited Network virtual user risk control method and system
US9223968B2 (en) * 2012-04-01 2015-12-29 Alibaba Group Holding Limited Determining whether virtual network user is malicious user based on degree of association
US20150161387A1 (en) * 2012-04-01 2015-06-11 Alibaba Group Holding Limited Network virtual user risk control method and system
US8875291B2 (en) * 2012-04-01 2014-10-28 Alibaba Group Holding Limited Network virtual user risk control method and system
US9122878B1 (en) 2012-06-28 2015-09-01 Emc Corporation Software license management with drifting component
US20150168937A1 (en) * 2012-10-16 2015-06-18 Rockwell Automation Technologies, Inc. Industrial automation equipment and machine procedure simulation
US9778643B2 (en) 2012-10-16 2017-10-03 Rockwell Automation Technologies, Inc. Machine procedure simulation
US9400495B2 (en) * 2012-10-16 2016-07-26 Rockwell Automation Technologies, Inc. Industrial automation equipment and machine procedure simulation
US20140172690A1 (en) * 2012-12-17 2014-06-19 Sas Institute Inc. Systems and Methods For Matching Domain Specific Transactions
US8914863B2 (en) * 2013-03-29 2014-12-16 Here Global B.V. Enhancing the security of near-field communication
US20140298434A1 (en) * 2013-03-29 2014-10-02 Navteq B.V. Enhancing the Security of Near-Field Communication
US9485607B2 (en) 2013-05-14 2016-11-01 Nokia Technologies Oy Enhancing the security of short-range communication in connection with an access control device

Also Published As

Publication number Publication date Type
EP1033010A4 (en) 2002-11-06 application
EP1033010A1 (en) 2000-09-06 application
CA2306865A1 (en) 1999-04-29 application
CA2306865C (en) 2009-06-30 grant
JP2001521329A (en) 2001-11-06 application
WO1999021321A1 (en) 1999-04-29 application

Similar Documents

Publication Publication Date Title
US5943423A (en) Smart token system for secure electronic transactions and identification
US6985608B2 (en) Tokenless electronic transaction system
US6711263B1 (en) Secure distribution and protection of encryption key information
US6745327B1 (en) Electronic certificate signature program
US7353532B2 (en) Secure system and method for enforcement of privacy policy and protection of confidentiality
US5781632A (en) Method and apparatus for secured transmission of confidential data over an unsecured network
US5878138A (en) System and method for detecting fraudulent expenditure of electronic assets
US5889862A (en) Method and apparatus for implementing traceable electronic cash
US6908030B2 (en) One-time credit card number generator and single round-trip authentication
US7047416B2 (en) Account-based digital signature (ABDS) system
US7028180B1 (en) System and method for usage of a role certificate in encryption and as a seal, digital stamp, and signature
US5850442A (en) Secure world wide electronic commerce over an open network
USRE40444E1 (en) Four-party credit/debit payment protocol
US7121460B1 (en) Automated banking machine component authentication system and method
US7844550B2 (en) Method and device for generating a single-use financial account number
US5872848A (en) Method and apparatus for witnessed authentication of electronic documents
US7248719B2 (en) Tokenless electronic transaction system
US7159114B1 (en) System and method of securely installing a terminal master key on an automated banking machine
US5615268A (en) System and method for electronic transmission storage and retrieval of authenticated documents
US6363365B1 (en) Mechanism for secure tendering in an open electronic network
US7558965B2 (en) Entity authentication in electronic communications by providing verification status of device
US7309004B1 (en) Cash dispensing automated banking machine firmware authentication system and method
US6950940B2 (en) ABDS method utilizing security information in authenticating entity access
US7162635B2 (en) System and method for electronic transmission, storage, and retrieval of authenticated electronic original documents
US7689832B2 (en) Biometric-based system and method for enabling authentication of electronic messages sent over a network

Legal Events

Date Code Title Description
AS Assignment
Owner name: CRYPTOWORKS, CALIFORNIA
Free format text: ASSIGNMENT OF ASSIGNORS INTEREST;ASSIGNOR:LEBOURGEOIS, JOHN H.;REEL/FRAME:008865/0855
Effective date: 19971017

AS Assignment
Owner name: CRYPTOWORX CORPORATION., CALIFORNIA
Free format text: CHANGE OF NAME;ASSIGNOR:CRYPTOWORKS, INC.;REEL/FRAME:010335/0406
Effective date: 19990416

AS Assignment
Owner name: GRAHAM, JUSTIN, CALIFORNIA
Free format text: ASSIGNMENT OF ASSIGNORS INTEREST;ASSIGNOR:CYGNAWORX CORPORATION;REEL/FRAME:012906/0229
Effective date: 20010801

AS Assignment
Owner name: JAMES CHELLIS, CALIFORNIA
Free format text: ASSIGNMENT OF ASSIGNORS INTEREST;ASSIGNOR:GRAHAM, JUSTIN;REEL/FRAME:012906/0767
Effective date: 20011015

AS Assignment
Owner name: TECHNOSIS LLC, A NEVADA LLC, NEVADA
Free format text: ASSIGNMENT OF ASSIGNORS INTEREST;ASSIGNOR:CHELLIS, JAMES;REEL/FRAME:012916/0127
Effective date: 20020722

AS Assignment
Owner name: SAFE3W, INC, NEW YORK
Free format text: ASSIGNMENT OF ASSIGNORS INTEREST;ASSIGNOR:TECHNOSIS, LLC;REEL/FRAME:013203/0608
Effective date: 20020723

AS Assignment
Owner name: TECHNOSIS LLC, NEVADA
Free format text: SECURITY AGREEMENT;ASSIGNOR:SAFE3W, INC.;REEL/FRAME:013045/0944
Effective date: 20020723

FPAY Fee payment
Year of fee payment: 4

AS Assignment
Owner name: C&C INTERNET SECURITY, NEW YORK
Free format text: SECURITY AGREEMENT;ASSIGNOR:SAFE3W, INC.;REEL/FRAME:015418/0833
Effective date: 20040329
Owner name: LEMLE, ROBERT S., NEW YORK
Free format text: SECURITY AGREEMENT;ASSIGNOR:SAFE3W, INC.;REEL/FRAME:015418/0833
Effective date: 20040329

FPAY Fee payment
Year of fee payment: 8

AS Assignment
Owner name: IPASS INC., CALIFORNIA
Free format text: MERGER;ASSIGNOR:SAFE3W, INC.;REEL/FRAME:024496/0517
Effective date: 20040915

FPAY Fee payment
Year of fee payment: 12

SULP Surcharge for late payment